Vulnerability in PostgreSQL server

info

We get contacted by EGI security to comment on PostgreSQL vulnerability CVE-2022-1552.

The dCache itself is not affected. Moreover, the most of the installations do not share postgresql used by dCache with other services, thus there are no other users ‘having permission to create non-temp objects’ on the same DB.

Nonetheless, we encourage sites to update the postgresql servers to recommended versions at the next possible maintenance slot.