Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2022-1552

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)

Source

ALASPOSTGRESQL13-2023-002

Amazon Linux 2 Security Advisory: ALASPOSTGRESQL13-2023-002
Advisory Release Date: 2023-08-07 05:59 Pacific
Advisory Updated Date: 2023-09-25 22:07 Pacific

Severity: Important

References: CVE-2022-1552
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)

Affected Packages:

postgresql

Issue Correction:
Run yum update postgresql to update your system.

New Packages:

aarch64:
    postgresql-13.7-2.amzn2.0.1.aarch64
    postgresql-private-libs-13.7-2.amzn2.0.1.aarch64
    postgresql-private-devel-13.7-2.amzn2.0.1.aarch64
    postgresql-server-13.7-2.amzn2.0.1.aarch64
    postgresql-docs-13.7-2.amzn2.0.1.aarch64
    postgresql-contrib-13.7-2.amzn2.0.1.aarch64
    postgresql-server-devel-13.7-2.amzn2.0.1.aarch64
    postgresql-static-13.7-2.amzn2.0.1.aarch64
    postgresql-upgrade-13.7-2.amzn2.0.1.aarch64
    postgresql-upgrade-devel-13.7-2.amzn2.0.1.aarch64
    postgresql-plperl-13.7-2.amzn2.0.1.aarch64
    postgresql-plpython3-13.7-2.amzn2.0.1.aarch64
    postgresql-pltcl-13.7-2.amzn2.0.1.aarch64
    postgresql-test-13.7-2.amzn2.0.1.aarch64
    postgresql-llvmjit-13.7-2.amzn2.0.1.aarch64
    postgresql-debuginfo-13.7-2.amzn2.0.1.aarch64

noarch:
    postgresql-test-rpm-macros-13.7-2.amzn2.0.1.noarch

src:
    postgresql-13.7-2.amzn2.0.1.src

x86_64:
    postgresql-13.7-2.amzn2.0.1.x86_64
    postgresql-private-libs-13.7-2.amzn2.0.1.x86_64
    postgresql-private-devel-13.7-2.amzn2.0.1.x86_64
    postgresql-server-13.7-2.amzn2.0.1.x86_64
    postgresql-docs-13.7-2.amzn2.0.1.x86_64
    postgresql-contrib-13.7-2.amzn2.0.1.x86_64
    postgresql-server-devel-13.7-2.amzn2.0.1.x86_64
    postgresql-static-13.7-2.amzn2.0.1.x86_64
    postgresql-upgrade-13.7-2.amzn2.0.1.x86_64
    postgresql-upgrade-devel-13.7-2.amzn2.0.1.x86_64
    postgresql-plperl-13.7-2.amzn2.0.1.x86_64
    postgresql-plpython3-13.7-2.amzn2.0.1.x86_64
    postgresql-pltcl-13.7-2.amzn2.0.1.x86_64
    postgresql-test-13.7-2.amzn2.0.1.x86_64
    postgresql-llvmjit-13.7-2.amzn2.0.1.x86_64
    postgresql-debuginfo-13.7-2.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2022-1552

Mitre: CVE-2022-1552

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALASPOSTGRESQL13-2023-002

ALASPOSTGRESQL13-2023-002

Additional References

Vulmon Search

About

Products

Connect