Extension scripts replace objects not belonging to the extension. Some extensions use CREATE OR REPLACE or CREATE IF NOT EXISTS commands, and some do not adhere to the documented rule to target only objects that are already known to be extension members. An attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted by CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, the attacker can run arbitrary code as the victim role, which may be a superuser. Known-affected extensions include both PostgreSQL-bundled and non-bundled extensions. PostgreSQL blocks this attack in the core server, so there is no need to modify individual extensions.
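The first prerequisite above is CREATE privilege on a schema where an extension will later be created or updated, and the vulnerable pattern is an extension script replacing a pre-existing object that is not an extension member. The following audit queries are an added example, not part of the original report or of any PostgreSQL release; they assume the target schema is `public` and use the placeholder extension name `myext`. They let an administrator check, before installing or updating an extension on an unpatched server, which roles could have planted an object in that schema and which objects there are not owned by any extension.

```sql
-- 1. Which non-superuser roles can create objects in the target schema?
--    Any role listed here satisfies the first attack prerequisite.
--    (Schema name 'public' is an assumption; substitute the schema
--    passed to CREATE EXTENSION ... SCHEMA.)
SELECT r.rolname
FROM pg_catalog.pg_roles AS r
WHERE NOT r.rolsuper
  AND has_schema_privilege(r.rolname, 'public', 'CREATE')
ORDER BY r.rolname;

-- 2. Functions in the target schema that do not belong to any extension.
--    An extension script that runs CREATE OR REPLACE FUNCTION for one of
--    these names would silently adopt whatever body is already there.
SELECT p.oid::regprocedure AS function_signature,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner
FROM pg_catalog.pg_proc AS p
JOIN pg_catalog.pg_namespace AS n ON n.oid = p.pronamespace
WHERE n.nspname = 'public'
  AND NOT EXISTS (
        SELECT 1
        FROM pg_catalog.pg_depend AS d
        WHERE d.classid    = 'pg_catalog.pg_proc'::regclass
          AND d.objid      = p.oid
          AND d.refclassid = 'pg_catalog.pg_extension'::regclass
          AND d.deptype    = 'e'   -- 'e' marks extension membership
      )
ORDER BY 1;

-- 3. For comparison: objects an installed extension actually owns.
--    Cross-check this list against the output of query 2 after the
--    install; an expected member that is missing here but present in
--    query 2 is the symptom of a replaced, non-member object.
--    ('myext' is a placeholder extension name.)
SELECT pg_catalog.pg_describe_object(d.classid, d.objid, d.objsubid) AS member
FROM pg_catalog.pg_depend AS d
JOIN pg_catalog.pg_extension AS e ON e.oid = d.refobjid
WHERE d.refclassid = 'pg_catalog.pg_extension'::regclass
  AND d.deptype = 'e'
  AND e.extname = 'myext'
ORDER BY 1;
```

On a patched server (14.5, 13.8, 12.12, 11.17 or 10.22 and later, per the release announcement linked below) the core server refuses to let an extension script replace a pre-existing non-member object, so query 2 is mainly useful for inventory; on older servers, revoking CREATE on the schema from untrusted roles removes the first prerequisite entirely.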
http://www.postgresql.org/about/news/postgresql-145-138-1212-1117-1022-and-15-beta-3-released-2496/
Created mingw-postgresql tracking bugs for this issue: Affects: fedora-all [bug 2119248]
Created postgresql tracking bugs for this issue: Affects: fedora-all [bug 2119249]
Created postgresql:10/postgresql tracking bugs for this issue: Affects: fedora-all [bug 2119250]
Created postgresql:11/postgresql tracking bugs for this issue: Affects: fedora-all [bug 2119251]
Created postgresql:12/postgresql tracking bugs for this issue: Affects: fedora-all [bug 2119252]
Created postgresql:13/postgresql tracking bugs for this issue: Affects: fedora-all [bug 2119253]
Created postgresql:14/postgresql tracking bugs for this issue: Affects: fedora-all [bug 2119254]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7128 http://access.redhat.com/errata/RHSA-2022:7128
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): http://access.redhat.com/security/cve/cve-2022-2625
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0113 http://access.redhat.com/errata/RHSA-2023:0113
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:0160 http://access.redhat.com/errata/RHSA-2023:0160
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1576 http://access.redhat.com/errata/RHSA-2023:1576
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1693 http://access.redhat.com/errata/RHSA-2023:1693
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:7545 http://access.redhat.com/errata/RHSA-2023:7545
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:7580 http://access.redhat.com/errata/RHSA-2023:7580
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:7667 http://access.redhat.com/errata/RHSA-2023:7667
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:7694 http://access.redhat.com/errata/RHSA-2023:7694
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:7695 http://access.redhat.com/errata/RHSA-2023:7695