ELA-737-1 postgresql-9.6 security update
Package : postgresql-9.6
Version : 9.6.24-0+deb9u2 (stretch)
Related CVEs :
CVE-2022-2625
CVE-2022-1552
CVE-2022-2625
Sven Klemm found that some extensions in the PostgreSQL database
system could replace objects not belonging to the extension. An
attacker could leverage this to run arbitrary commands as another
user.
CVE-2022-1552
Alexander Lakhin discovered that the autovacuum feature and multiple
commands could escape the “security-restricted operation” sandbox.
A postgresql-9.6 security update has been released for Debian GNU/Linux 9 Extended LTS to address two security issues.