OVAL

SUSE-SU-2018:3377-1 -- SLES postgresql96, to, 9.6.10

ID: oval:org.secpod.oval:def:89002433
Date: (C)2021-02-25   (M)2023-03-01
Class: PATCH
Family: unix




This update for postgresql96 to 9.6.10 fixes the following issues:

These security issues were fixed:

- CVE-2018-10915: libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could have bypassed client-side connection security features, obtained access to higher privileged connections, or potentially caused other impact through SQL injection, by causing the PQescape functions to malfunction.
- CVE-2018-10925: Add missing authorization check on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could have exploited this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could have exploited this to update other columns in the same table.

For additional details please see https://www.postgresql.org/docs/current/static/release-9-6-10.html

Platform:
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP2
Product:
postgresql96
Reference:
SUSE-SU-2018:3377-1
CVE-2018-10915
CVE-2018-10925

© SecPod Technologies