ELA-482-1 postgresql-9.4 security update

multiple vulnerabilities

2021-09-10
Packagepostgresql-9.4
Version9.4.26-0+deb8u4
Related CVEs CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 CVE-2021-32027

Several vulnerabilities were discovered in PostgreSQL, an object-relational SQL database. An attacker could have an opportunity to complete a MITM attack, execute arbitrary SQL functions under the identity of a superuser, execute arbitrary code as the operating system account running psql when connecting to a rogue server, and corrupt server memory, in some conditions.

For Debian 8 jessie, these problems have been fixed in version 9.4.26-0+deb8u4.

We recommend that you upgrade your postgresql-9.4 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/