ELA-1060-1 postgresql-9.6 security update

privilege escalation

Version9.6.24-0+deb9u6 (stretch)
Related CVEs CVE-2024-0985

In the PostgreSQL database server, a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges to run SQL commands.

For Debian 9 stretch, these problems have been fixed in version 9.6.24-0+deb9u6.

We recommend that you upgrade your postgresql-9.6 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.