ELA-518-1 postgresql-9.4 security update

query injection

2021-11-18
Package: postgresql-9.4
Version: 9.4.26-0+deb8u5
Related CVEs: CVE-2021-23214 CVE-2021-23222


Jacob Champion discovered that PostgreSQL, an object-relational SQL database, may process unencrypted bytes from a database connection even if the connection is encrypted. A man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established.



For Debian 8 jessie, these problems have been fixed in version 9.4.26-0+deb8u5.

We recommend that you upgrade your postgresql-9.4 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.