The documentation says the pg_signal_backend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the autovacuum launcher. Signaling autovacuum workers and those two launchers provides no meaningful exploit, so exploiting this vulnerability requires a non-core extension with a less-resilient background worker. For example, a non-core background worker that does not auto-restart would experience a denial of service with respect to that particular background worker. The PostgreSQL project thanks Hemanth Sandrana and Mahendrakar Srinivasarao for reporting this problem.
This CVE is public now (lifting embargo...) https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
Created mingw-postgresql tracking bugs for this issue: Affects: fedora-all [bug 2249042] Created postgresql tracking bugs for this issue: Affects: fedora-all [bug 2249041] Created postgresql:12/postgresql tracking bugs for this issue: Affects: fedora-all [bug 2249043] Created postgresql:13/postgresql tracking bugs for this issue: Affects: fedora-all [bug 2249044] Created postgresql:14/postgresql tracking bugs for this issue: Affects: fedora-all [bug 2249045] Created postgresql:15/postgresql tracking bugs for this issue: Affects: fedora-all [bug 2249046]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7545
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2023:7579 https://access.redhat.com/errata/RHSA-2023:7579
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7580
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7581 https://access.redhat.com/errata/RHSA-2023:7581
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2023:7616 https://access.redhat.com/errata/RHSA-2023:7616
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2023:7656 https://access.redhat.com/errata/RHSA-2023:7656
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7667
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7666
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:7694 https://access.redhat.com/errata/RHSA-2023:7694
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:7695 https://access.redhat.com/errata/RHSA-2023:7695
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7714 https://access.redhat.com/errata/RHSA-2023:7714
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:7770 https://access.redhat.com/errata/RHSA-2023:7770
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:7772 https://access.redhat.com/errata/RHSA-2023:7772
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:7784 https://access.redhat.com/errata/RHSA-2023:7784
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:7785 https://access.redhat.com/errata/RHSA-2023:7785
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2023:7885 https://access.redhat.com/errata/RHSA-2023:7885
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2023:7883 https://access.redhat.com/errata/RHSA-2023:7883
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:7884 https://access.redhat.com/errata/RHSA-2023:7884
This issue has been addressed in the following products: RHACS-3.74-RHEL-8 Via RHSA-2024:0304 https://access.redhat.com/errata/RHSA-2024:0304
This issue has been addressed in the following products: RHACS-4.1-RHEL-8 Via RHSA-2024:0332 https://access.redhat.com/errata/RHSA-2024:0332
This issue has been addressed in the following products: Red Hat Advanced Cluster Security 4.2 Via RHSA-2024:0337 https://access.redhat.com/errata/RHSA-2024:0337