| Package | postgresql-9.6 |
|---|---|
| Version | 9.6.24-0+deb9u6 (stretch) |
| Related CVEs | CVE-2024-0985 |
In the PostgreSQL database server, a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges to run SQL commands.
For Debian 9 stretch, these problems have been fixed in version 9.6.24-0+deb9u6.
We recommend that you upgrade your postgresql-9.6 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.