ALASPOSTGRESQL14-2023-002

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)

aarch64:
    postgresql-14.3-2.amzn2.0.1.aarch64
    postgresql-server-14.3-2.amzn2.0.1.aarch64
    postgresql-docs-14.3-2.amzn2.0.1.aarch64
    postgresql-contrib-14.3-2.amzn2.0.1.aarch64
    postgresql-server-devel-14.3-2.amzn2.0.1.aarch64
    postgresql-static-14.3-2.amzn2.0.1.aarch64
    postgresql-upgrade-14.3-2.amzn2.0.1.aarch64
    postgresql-upgrade-devel-14.3-2.amzn2.0.1.aarch64
    postgresql-plperl-14.3-2.amzn2.0.1.aarch64
    postgresql-plpython3-14.3-2.amzn2.0.1.aarch64
    postgresql-pltcl-14.3-2.amzn2.0.1.aarch64
    postgresql-test-14.3-2.amzn2.0.1.aarch64
    postgresql-llvmjit-14.3-2.amzn2.0.1.aarch64
    postgresql-debuginfo-14.3-2.amzn2.0.1.aarch64

noarch:
    postgresql-test-rpm-macros-14.3-2.amzn2.0.1.noarch

src:
    postgresql-14.3-2.amzn2.0.1.src

x86_64:
    postgresql-14.3-2.amzn2.0.1.x86_64
    postgresql-server-14.3-2.amzn2.0.1.x86_64
    postgresql-docs-14.3-2.amzn2.0.1.x86_64
    postgresql-contrib-14.3-2.amzn2.0.1.x86_64
    postgresql-server-devel-14.3-2.amzn2.0.1.x86_64
    postgresql-static-14.3-2.amzn2.0.1.x86_64
    postgresql-upgrade-14.3-2.amzn2.0.1.x86_64
    postgresql-upgrade-devel-14.3-2.amzn2.0.1.x86_64
    postgresql-plperl-14.3-2.amzn2.0.1.x86_64
    postgresql-plpython3-14.3-2.amzn2.0.1.x86_64
    postgresql-pltcl-14.3-2.amzn2.0.1.x86_64
    postgresql-test-14.3-2.amzn2.0.1.x86_64
    postgresql-llvmjit-14.3-2.amzn2.0.1.x86_64
    postgresql-debuginfo-14.3-2.amzn2.0.1.x86_64