Ubuntu Security Notice 6296-1 - It was discovered that PostgreSQL incorrectly handled certain extension script substitutions. An attacker having database-level CREATE privileges can use this issue to execute arbitrary code as the bootstrap superuser. It was discovered that PostgreSQL incorrectly handled the MERGE command. A remote attacker could possibly use this issue to bypass certain UPDATE and SELECT policies. This issue only affected Ubuntu 23.04.
d61a8bea7f7e574c96086c8debf6f8fa1d35ce1c1e01e40a1d8c29820098519a