Package | postgresql-9.6 |
---|---|
Version | 9.6.24-0+deb9u4 (stretch) |
Related CVEs | CVE-2023-2454 CVE-2023-2455 |
CVE-2023-2454:
schema_element defeats protective search_path changes. It was found that certain database calls in PostgreSQL could permit an attacker with elevated database-level privileges to execute arbitrary code.
CVE-2023-2455:
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.
For Debian 9 stretch, these problems have been fixed in version 9.6.24-0+deb9u4.
We recommend that you upgrade your postgresql-9.6 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.