Vulnerability in PostgreSQL server
We get contacted by EGI security to comment on PostgreSQL vulnerability CVE-2022-1552.
The dCache itself is not affected. Moreover, the most of the installations do not share postgresql used by dCache with other services, thus there are no other users ‘having permission to create non-temp objects’ on the same DB.
Nonetheless, we encourage sites to update the postgresql servers to recommended
at the next possible maintenance slot.