| Package | postgresql-9.4 |
|---|---|
| Version | 9.4.26-0+deb8u9 (jessie) |
| Related CVEs | CVE-2024-0985 |
In the PostgreSQL database server, a late privilege drop in the REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker to trick a user with higher privileges to run SQL commands.
For Debian 8 jessie, these problems have been fixed in version 9.4.26-0+deb8u9.
We recommend that you upgrade your postgresql-9.4 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.