Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)

Source

ALAS2-2022-1843

Amazon Linux 2 Security Advisory: ALAS-2022-1843
Advisory Release Date: 2022-09-01 21:09 Pacific
Advisory Updated Date: 2022-09-14 00:02 Pacific

Severity: Important

References: CVE-2022-1552

Issue Overview:

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)

Affected Packages:

postgresql

Issue Correction:
Run yum update postgresql to update your system.

New Packages:

aarch64:
    postgresql-9.2.24-8.amzn2.aarch64
    postgresql-libs-9.2.24-8.amzn2.aarch64
    postgresql-server-9.2.24-8.amzn2.aarch64
    postgresql-docs-9.2.24-8.amzn2.aarch64
    postgresql-contrib-9.2.24-8.amzn2.aarch64
    postgresql-devel-9.2.24-8.amzn2.aarch64
    postgresql-static-9.2.24-8.amzn2.aarch64
    postgresql-upgrade-9.2.24-8.amzn2.aarch64
    postgresql-plperl-9.2.24-8.amzn2.aarch64
    postgresql-plpython-9.2.24-8.amzn2.aarch64
    postgresql-pltcl-9.2.24-8.amzn2.aarch64
    postgresql-test-9.2.24-8.amzn2.aarch64
    postgresql-debuginfo-9.2.24-8.amzn2.aarch64

i686:
    postgresql-9.2.24-8.amzn2.i686
    postgresql-libs-9.2.24-8.amzn2.i686
    postgresql-server-9.2.24-8.amzn2.i686
    postgresql-docs-9.2.24-8.amzn2.i686
    postgresql-contrib-9.2.24-8.amzn2.i686
    postgresql-devel-9.2.24-8.amzn2.i686
    postgresql-static-9.2.24-8.amzn2.i686
    postgresql-upgrade-9.2.24-8.amzn2.i686
    postgresql-plperl-9.2.24-8.amzn2.i686
    postgresql-plpython-9.2.24-8.amzn2.i686
    postgresql-pltcl-9.2.24-8.amzn2.i686
    postgresql-test-9.2.24-8.amzn2.i686
    postgresql-debuginfo-9.2.24-8.amzn2.i686

src:
    postgresql-9.2.24-8.amzn2.src

x86_64:
    postgresql-9.2.24-8.amzn2.x86_64
    postgresql-libs-9.2.24-8.amzn2.x86_64
    postgresql-server-9.2.24-8.amzn2.x86_64
    postgresql-docs-9.2.24-8.amzn2.x86_64
    postgresql-contrib-9.2.24-8.amzn2.x86_64
    postgresql-devel-9.2.24-8.amzn2.x86_64
    postgresql-static-9.2.24-8.amzn2.x86_64
    postgresql-upgrade-9.2.24-8.amzn2.x86_64
    postgresql-plperl-9.2.24-8.amzn2.x86_64
    postgresql-plpython-9.2.24-8.amzn2.x86_64
    postgresql-pltcl-9.2.24-8.amzn2.x86_64
    postgresql-test-9.2.24-8.amzn2.x86_64
    postgresql-debuginfo-9.2.24-8.amzn2.x86_64

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2022-1843

ALAS2-2022-1843

Vulmon Search

About

Products

Connect