| Package | postgresql-9.6 |
|---|---|
| Version | 9.6.24-0+deb9u2 (stretch) |
| Related CVEs | CVE-2022-2625 CVE-2022-1552 |
-
CVE-2022-2625
Sven Klemm found that some extensions in the PostgreSQL database system could replace objects not belonging to the extension. An attacker could leverage this to run arbitrary commands as another user.
-
CVE-2022-1552
Alexander Lakhin discovered that the autovacuum feature and multiple commands could escape the “security-restricted operation” sandbox.
For Debian 9 stretch, these problems have been fixed in version 9.6.24-0+deb9u2.
We recommend that you upgrade your postgresql-9.6 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.