Amazon Linux 2 Security Advisory: ALASPOSTGRESQL14-2024-008
Advisory Release Date: 2024-02-29 00:57 Pacific
Advisory Updated Date: 2024-03-05 12:00 Pacific
Severity:
Medium
Issue Overview:
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. (CVE-2021-23222)
Affected Packages:
postgresql
Note:
This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update postgresql to update your system.
New Packages:
aarch64:
postgresql-14.1-3.amzn2.0.1.aarch64
postgresql-server-14.1-3.amzn2.0.1.aarch64
postgresql-docs-14.1-3.amzn2.0.1.aarch64
postgresql-contrib-14.1-3.amzn2.0.1.aarch64
postgresql-server-devel-14.1-3.amzn2.0.1.aarch64
postgresql-static-14.1-3.amzn2.0.1.aarch64
postgresql-upgrade-14.1-3.amzn2.0.1.aarch64
postgresql-upgrade-devel-14.1-3.amzn2.0.1.aarch64
postgresql-plperl-14.1-3.amzn2.0.1.aarch64
postgresql-plpython3-14.1-3.amzn2.0.1.aarch64
postgresql-pltcl-14.1-3.amzn2.0.1.aarch64
postgresql-test-14.1-3.amzn2.0.1.aarch64
postgresql-llvmjit-14.1-3.amzn2.0.1.aarch64
postgresql-debuginfo-14.1-3.amzn2.0.1.aarch64
noarch:
postgresql-test-rpm-macros-14.1-3.amzn2.0.1.noarch
src:
postgresql-14.1-3.amzn2.0.1.src
x86_64:
postgresql-14.1-3.amzn2.0.1.x86_64
postgresql-server-14.1-3.amzn2.0.1.x86_64
postgresql-docs-14.1-3.amzn2.0.1.x86_64
postgresql-contrib-14.1-3.amzn2.0.1.x86_64
postgresql-server-devel-14.1-3.amzn2.0.1.x86_64
postgresql-static-14.1-3.amzn2.0.1.x86_64
postgresql-upgrade-14.1-3.amzn2.0.1.x86_64
postgresql-upgrade-devel-14.1-3.amzn2.0.1.x86_64
postgresql-plperl-14.1-3.amzn2.0.1.x86_64
postgresql-plpython3-14.1-3.amzn2.0.1.x86_64
postgresql-pltcl-14.1-3.amzn2.0.1.x86_64
postgresql-test-14.1-3.amzn2.0.1.x86_64
postgresql-llvmjit-14.1-3.amzn2.0.1.x86_64
postgresql-debuginfo-14.1-3.amzn2.0.1.x86_64