ELA-518-1 postgresql-9.4 security update

query injection

Related CVEs: CVE-2021-23214, CVE-2021-23222

Jacob Champion discovered that PostgreSQL, an object-relational SQL database, may process unencrypted bytes from a database connection even if that connection is encrypted. A man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established.

For Debian 8 jessie, these problems have been fixed in version 9.4.26-0+deb8u5.

We recommend that you upgrade your postgresql-9.4 packages.

Further information about Extended LTS security advisories can be found at: debian Extended Long term support