ELA-1061-1 postgresql-9.4 security update

privilege escalation

Version9.4.26-0+deb8u9 (jessie)
Related CVEs CVE-2024-0985

In the PostgreSQL database server, a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges to run SQL commands.

For Debian 8 jessie, these problems have been fixed in version 9.4.26-0+deb8u9.

We recommend that you upgrade your postgresql-9.4 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.