Debian: DSA-4269-1: postgresql-9.6 security update
Debian: DSA-4269-1: postgresql-9.6 security update
Two vulnerabilities have been found in the PostgreSQL database system: CVE-2018-10915
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4269-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff August 10, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : postgresql-9.6 CVE ID : CVE-2018-10915 CVE-2018-10925 Two vulnerabilities have been found in the PostgreSQL database system: CVE-2018-10915 Andrew Krasichkov discovered that libpq did not reset all its connection state during reconnects. CVE-2018-10925 It was discovered that some "CREATE TABLE" statements could disclose server memory. For additional information please refer to the upstream announcement at https://www.postgresql.org/about/news/1878/ For the stable distribution (stretch), these problems have been fixed in version 9.6.10-0+deb9u1. We recommend that you upgrade your postgresql-9.6 packages. For the detailed security status of postgresql-9.6 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-9.6 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.