Vulmon
Amazon Linux 2 Security Advisory: ALASPOSTGRESQL14-2023-003
Advisory Release Date: 2023-09-06 18:59 Pacific
Advisory Updated Date: 2023-09-25 22:05 Pacific
Severity:
Important
Issue Overview:
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. (CVE-2023-39417)
Affected Packages:
postgresql
Issue Correction:
Run yum update postgresql to update your system.
New Packages:
aarch64:
postgresql-14.8-1.amzn2.0.2.aarch64
postgresql-server-14.8-1.amzn2.0.2.aarch64
postgresql-docs-14.8-1.amzn2.0.2.aarch64
postgresql-contrib-14.8-1.amzn2.0.2.aarch64
postgresql-server-devel-14.8-1.amzn2.0.2.aarch64
postgresql-static-14.8-1.amzn2.0.2.aarch64
postgresql-upgrade-14.8-1.amzn2.0.2.aarch64
postgresql-upgrade-devel-14.8-1.amzn2.0.2.aarch64
postgresql-plperl-14.8-1.amzn2.0.2.aarch64
postgresql-plpython3-14.8-1.amzn2.0.2.aarch64
postgresql-pltcl-14.8-1.amzn2.0.2.aarch64
postgresql-test-14.8-1.amzn2.0.2.aarch64
postgresql-llvmjit-14.8-1.amzn2.0.2.aarch64
postgresql-debuginfo-14.8-1.amzn2.0.2.aarch64
noarch:
postgresql-test-rpm-macros-14.8-1.amzn2.0.2.noarch
src:
postgresql-14.8-1.amzn2.0.2.src
x86_64:
postgresql-14.8-1.amzn2.0.2.x86_64
postgresql-server-14.8-1.amzn2.0.2.x86_64
postgresql-docs-14.8-1.amzn2.0.2.x86_64
postgresql-contrib-14.8-1.amzn2.0.2.x86_64
postgresql-server-devel-14.8-1.amzn2.0.2.x86_64
postgresql-static-14.8-1.amzn2.0.2.x86_64
postgresql-upgrade-14.8-1.amzn2.0.2.x86_64
postgresql-upgrade-devel-14.8-1.amzn2.0.2.x86_64
postgresql-plperl-14.8-1.amzn2.0.2.x86_64
postgresql-plpython3-14.8-1.amzn2.0.2.x86_64
postgresql-pltcl-14.8-1.amzn2.0.2.x86_64
postgresql-test-14.8-1.amzn2.0.2.x86_64
postgresql-llvmjit-14.8-1.amzn2.0.2.x86_64
postgresql-debuginfo-14.8-1.amzn2.0.2.x86_64