ArchLinux: 201803-9: postgresql: privilege escalation
Summary
A flaw was found in the way PostgreSQL allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
Resolution
Upgrade to 10.3-1.
# pacman -Syu "postgresql>=10.3-1"
The problem has been fixed upstream in version 10.3.
References
https://www.postgresql.org/about/news/postgresql-103-968-9512-9417-and-9322-released-1834/
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path
https://security.archlinux.org/CVE-2018-1058
Workaround
None.