diff --git a/optional/postgresql/Dockerfile b/optional/postgresql/Dockerfile
index 95048147..ff25a66f 100644
--- a/optional/postgresql/Dockerfile
+++ b/optional/postgresql/Dockerfile
@@ -3,6 +3,7 @@ FROM $DISTRO
 # python3 shared with most images
 RUN apk add --no-cache \
     python3 py3-pip bash py3-multidict \
+  && apk add --upgrade sudo \
   && pip3 install --upgrade pip
 
 # Shared layer between nginx, dovecot, postfix, postgresql, rspamd, unbound, rainloop, roundcube
diff --git a/towncrier/newsfragments/1760.bugfix b/towncrier/newsfragments/1760.bugfix
new file mode 100644
index 00000000..9d6f38af
--- /dev/null
+++ b/towncrier/newsfragments/1760.bugfix
@@ -0,0 +1,2 @@
+Fix CVE-2021-23240, CVE-2021-3156 and CVE-2021-23239 for postgresql
+by force-upgrading sudo.