This bug was fixed in the package postgresql-10 - 10.21-0ubuntu0.18.04.1

---------------
postgresql-10 (10.21-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * New upstream version (LP: #1973627).

    + A dump/restore is not required for those running 10.X.

    + However, if you are upgrading from a version earlier than 10.19,
      see those release notes as well please.

    + Confine additional operations within "security restricted
      operation" sandboxes (Sergey Shinderuk, Noah Misch).

      Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED
      VIEW, and pg_amcheck activated the "security restricted operation"
      protection mechanism too late, or even not at all in some code
      paths. A user having permission to create non-temporary objects
      within a database could define an object that would execute
      arbitrary SQL code with superuser permissions the next time that
      autovacuum processed the object, or that some superuser ran one of
      the affected commands against it.

      The PostgreSQL Project thanks Alexander Lakhin for reporting this
      problem.
      (CVE-2022-1552)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/10/release-10-21.html

 -- Sergio Durigan Junior <sergio.duri...@canonical.com>  Tue, 17 May 2022 21:58:23 -0400

** Changed in: postgresql-10 (Ubuntu Bionic)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1552

** Changed in: postgresql-13 (Ubuntu Impish)
       Status: New => Fix Released

--
https://bugs.launchpad.net/bugs/1973627

Title:
  New upstream microreleases 10.21, 12.11, 13.7 and 14.3