[SECURITY] [DLA 3072-1] postgresql-11 security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3072-1] postgresql-11 security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 11 Aug 2022 18:01:45 +0200 (CEST)
Message-id: <[🔎] 20220811160145.AFC332A082E@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3072-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
August 11, 2022                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : postgresql-11
Version        : 11.17-0+deb10u1
CVE ID         : CVE-2022-2625

Sven Klemm found that some extensions in the PostgreSQL database system
could replace objects not belonging to the extension. An attacker could
leverage this to run arbitrary commands as another user.

For Debian 10 buster, this problem has been fixed in version
11.17-0+deb10u1.

We recommend that you upgrade your postgresql-11 packages.

For the detailed security status of postgresql-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-11

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmL1J+YACgkQnUbEiOQ2
gwISWhAAx80oc3oM+0pqv4zm/kaQpmYDGBoc9Xzvn9uw6QVruQdLB+kgXucg7zRV
11s95Eqpmn0rBUHmBZjqhi2+UI1+VuCrmJ+QVFyqtjSs/oPDZZMqxDB7nLOickTZ
lgeSlg3wpTAmqZHcjEk3aRcb7rmCQ2tKwW8aisJ68o92RMED6ijw0jd6Y0cdvzga
d9HeMg+RBdIc+IBW1WEcHirMAuLMjF9++3wcPAsugyyBvdXZF4BDWXP5Uvg/RpzB
umY6qtFfaMLKJ4B9MnwIUDVjIm9LCI8O6wQjwFg0mPdyhgEfNxDi/yCfL7qZQrIL
vSC988SRYkWlehY3hLKQJVFM7mYpA3vbadL1DU96eZXt8mI6pqi20iil/YNMh1T6
5k6DwdPX1TqYJcBlJMJpF3kHutTEYaGu2xRdnIGYZoUzEe4JiCQY22BONKC64X2p
tfsZMpCDN2tscf68ky5pGulJOphrNq18xDA9SwvAllUcQJU+uq74YX4s/9EUGyw0
WOnGJ/J5tAYE71ZB1kKKWsi9DmFox86GRQq4bIA0R1xib8XZuzVT8t0tm5FM/fBS
cd5OUa276LPcnN+WNV4pXHxaCrTBqwvwerir41At4/Uci5QoqvhDsziBI+YCPK+G
ATgQX9VqM/3kDrSX/+v/Tz2kK+W9alMOP7I1gupk+NuGeqyQDcg=
=ROiT
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3070-1] gnutls28 security update
Next by Date: [SECURITY] [DLA 3071-1] libtirpc security update
Previous by thread: [SECURITY] [DLA 3070-1] gnutls28 security update
Next by thread: [SECURITY] [DLA 3071-1] libtirpc security update
Index(es):
- Date
- Thread