—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
– ————————————————————————-
Debian Security Advisory DSA-4028-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 09, 2017 https://www.debian.org/security/faq
– ————————————————————————-
Package : postgresql-9.6
CVE ID : CVE-2017-15098 CVE-2017-15099
Several vulnerabilities have been found in the PostgreSQL database system:
CVE-2017-15098
Denial of service and potential memory disclosure in the
json_populate_recordset() and jsonb_populate_recordset() functions
CVE-2017-15099
Insufficient permissions checks in “INSERT … ON CONFLICT DO UPDATE”
statements.
For the stable distribution (stretch), these problems have been fixed in
version 9.6.6-0+deb9u1.
We recommend that you upgrade your postgresql-9.6 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAloEyhkACgkQEMKTtsN8
TjZUXBAAsMxeyYPoaLqEnt31LCiRyj6k6/1JzbFrSAjDB6FdxVpgeO/29SeLpzff
AxrrzulT7OwdJ7DLCNbByhA2a3lY0FKAregRXrbao4fw7DuUSVUnkZ/6kvV3CFUq
VeM/IIb06438GelxuyljkgefRFoe22w1ZsYxVSCLgUicTuraU7oHSE9L+cXRGHNh
+yvL9augnnD8uJxmtv5P/MCiX5SBFoS+krU29bdvRrVjCMkR8CfhVwYoUd05DBtW
f+gkPp8C9kLJq6VqbcAG9rRFmYtGL/74Q9M98s+hoco1c0CtNXpYDMmqCHtDPCYC
10m0joxZsD3sxyYTgftATZ4lrRRN0jF/fmGpqY+//QppJTr9hkQlEysKS8e6ckAa
jRiI/oyjwlo9C4B3sTza2vxwx2odoqtIqYj55JdH/YaXoraw6xafSBpF94iGjr0H
UarIPZDJWc78Uz+gbp5AB3Hh1+Hi/cCR+KjrRUc187AplTRcE4P1b8fc9HES+hWZ
Gc9eRl7xe3qLRR+18iM9AKkAIXpXrjvLdEq1OIS0TszSK/LkqXVMoRgJS4sLmIkE
b85xESzzHrIFpOvy2+eeZqyOJZSd7zeueIrxB91xWTH4JgnQQ5Bo0eg75JAQx7QT
TcoK75HfhGAp6fwiDOSmuYyszqMngQhxPp4eovlfDPeJTeaASE8=
=O8DQ
—–END PGP SIGNATURE—–