-------------------------------------------------------------------------
Debian LTS Advisory DLA-3764-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
March 18, 2024                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : postgresql-11
Version        : 11.22-0+deb10u2
CVE ID         : CVE-2024-0985

In the PostgreSQL database server, a late privilege drop in the
REFRESH MATERIALIZED VIEW CONCURRENTLY command could allow an attacker
to trick a user with higher privileges into running SQL commands.

For Debian 10 buster, this problem has been fixed in version
11.22-0+deb10u2.

We recommend that you upgrade your postgresql-11 packages.

For the detailed security status of postgresql-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-11

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
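
An added example, not part of the Debian advisory: a shell check that reports whether the installed postgresql-11 package is at or above the fixed version named above. The function names (classify, installed_version, report) are assumptions of this example; the comparison goes through dpkg --compare-versions so that the +deb10uN revision suffix is ordered by Debian's version rules rather than as a plain string.

```shell
#!/bin/sh
# Added example: check a Debian 10 host against DLA-3764-1.
PKG="postgresql-11"
FIXED="11.22-0+deb10u2"   # fixed version stated in the advisory

# classify VERSION: print "fixed" if VERSION >= FIXED under Debian version
# ordering, otherwise "vulnerable". dpkg does the comparison, so a revision
# such as "+deb10u10" sorts after "+deb10u2" (a string compare would not).
classify() {
    if dpkg --compare-versions "$1" ge "$FIXED"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# installed_version: print the version of PKG only when dpkg reports it as
# fully installed ("install ok installed"); print nothing otherwise.
installed_version() {
    dpkg-query -W -f='${Status} ${Version}\n' "$PKG" 2>/dev/null |
        awk '$1 == "install" && $3 == "installed" { print $4 }'
}

# report: one status line for this host. Returns non-zero only when the
# package is installed and older than the fixed version.
report() {
    ver=$(installed_version)
    if [ -z "$ver" ]; then
        echo "$PKG: not installed"
        return 0
    fi
    state=$(classify "$ver")
    echo "$PKG $ver: $state (fixed in $FIXED)"
    [ "$state" = fixed ]
}

report || echo "upgrade with: apt-get update && apt-get install --only-upgrade $PKG"
```
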