REFRESH MATERIALIZED VIEW,
pg_amcheck made incomplete efforts to operate safely when a privileged user is
maintaining another user's objects. Those commands activated relevant
protections too late or not at all. An attacker having permission to create
non-temp objects in at least one schema could execute arbitrary SQL functions
under a superuser identity.
While promptly updating PostgreSQL is the best remediation for most users, a
user unable to do that can work around the vulnerability by disabling
autovacuum, not manually running the above commands, and not restoring from
output of the
pg_dump command. Performance may degrade quickly under this
VACUUM is safe, and all commands are fine when a trusted user
owns the target object.
The PostgreSQL project thanks Alexander Lakhin for reporting this problem.
|Affected Version||Fixed In||Fix Published|
If you wish to report a new security vulnerability in PostgreSQL, please send an email to firstname.lastname@example.org.
For reporting non-security bugs, please see the Report a Bug page.