ALASPOSTGRESQL14-2024-009

Amazon Linux 2 Security Advisory: ALASPOSTGRESQL14-2024-009
Advisory Release Date: 2024-02-29 00:57 Pacific
Advisory Updated Date: 2024-03-05 12:00 Pacific

Severity: Medium

References: CVE-2021-23222
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. (CVE-2021-23222)

Affected Packages:

libpq

Note:

This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update libpq to update your system.

New Packages:

aarch64:
    libpq-14.1-2.amzn2.aarch64
    libpq-devel-14.1-2.amzn2.aarch64
    libpq-debuginfo-14.1-2.amzn2.aarch64

src:
    libpq-14.1-2.amzn2.src

x86_64:
    libpq-14.1-2.amzn2.x86_64
    libpq-devel-14.1-2.amzn2.x86_64
    libpq-debuginfo-14.1-2.amzn2.x86_64

Additional References

Red Hat: CVE-2021-23222

Mitre: CVE-2021-23222

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALASPOSTGRESQL14-2024-009

Additional References