Debian Security Advisory
DLA-3651-1 postgresql-11 -- LTS security update
- Date Reported: 14 Nov 2023
- Affected Packages: postgresql-11
- Security database references: In Mitre's CVE dictionary: CVE-2023-5868, CVE-2023-5869, CVE-2023-5870.
- More information:
Several vulnerabilities have been discovered in the PostgreSQL database system.
Jingzhou Fu discovered a memory disclosure flaw in aggregate function calls.
Pedro Gallegos reported integer overflow flaws resulting in buffer overflows in the array modification functions.
Hemanth Sandrana and Mahendrakar Srinivasarao reported that the pg_cancel_backend role can signal certain superuser processes, potentially resulting in denial of service.
For Debian 10 buster, these problems have been fixed in version 11.22-0+deb10u1.
We recommend that you upgrade your postgresql-11 packages.
For the detailed security status of postgresql-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-11
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS