Your submission was sent successfully! Close

USN-5440-1: PostgreSQL vulnerability

24 May 2022

PostgreSQL could be made to execute commands as the superuser.




Alexander Lakhin discovered that PostgreSQL incorrectly handled the
security restricted operation sandbox when a privileged user is maintaining
another user's objects. An attacker having permission to create non-temp
objects can use this issue to execute arbitrary commands as the superuser.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04
Ubuntu 21.10
Ubuntu 20.04
Ubuntu 18.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.