Amazon Linux 2 Security Advisory: ALASPOSTGRESQL14-2024-011
Advisory Release Date: 2024-06-06 20:37 Pacific
Advisory Updated Date: 2024-06-12 00:42 Pacific
Severity:
Low
Issue Overview:
postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks (CVE-2024-4317)
Affected Packages:
postgresql
Note:
This advisory is applicable to Amazon Linux 2 - Postgresql14 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update postgresql to update your system.
New Packages:
aarch64:
postgresql-14.12-1.amzn2.0.1.aarch64
postgresql-server-14.12-1.amzn2.0.1.aarch64
postgresql-docs-14.12-1.amzn2.0.1.aarch64
postgresql-contrib-14.12-1.amzn2.0.1.aarch64
postgresql-server-devel-14.12-1.amzn2.0.1.aarch64
postgresql-static-14.12-1.amzn2.0.1.aarch64
postgresql-upgrade-14.12-1.amzn2.0.1.aarch64
postgresql-upgrade-devel-14.12-1.amzn2.0.1.aarch64
postgresql-plperl-14.12-1.amzn2.0.1.aarch64
postgresql-plpython3-14.12-1.amzn2.0.1.aarch64
postgresql-pltcl-14.12-1.amzn2.0.1.aarch64
postgresql-test-14.12-1.amzn2.0.1.aarch64
postgresql-llvmjit-14.12-1.amzn2.0.1.aarch64
postgresql-debuginfo-14.12-1.amzn2.0.1.aarch64
noarch:
postgresql-test-rpm-macros-14.12-1.amzn2.0.1.noarch
src:
postgresql-14.12-1.amzn2.0.1.src
x86_64:
postgresql-14.12-1.amzn2.0.1.x86_64
postgresql-server-14.12-1.amzn2.0.1.x86_64
postgresql-docs-14.12-1.amzn2.0.1.x86_64
postgresql-contrib-14.12-1.amzn2.0.1.x86_64
postgresql-server-devel-14.12-1.amzn2.0.1.x86_64
postgresql-static-14.12-1.amzn2.0.1.x86_64
postgresql-upgrade-14.12-1.amzn2.0.1.x86_64
postgresql-upgrade-devel-14.12-1.amzn2.0.1.x86_64
postgresql-plperl-14.12-1.amzn2.0.1.x86_64
postgresql-plpython3-14.12-1.amzn2.0.1.x86_64
postgresql-pltcl-14.12-1.amzn2.0.1.x86_64
postgresql-test-14.12-1.amzn2.0.1.x86_64
postgresql-llvmjit-14.12-1.amzn2.0.1.x86_64
postgresql-debuginfo-14.12-1.amzn2.0.1.x86_64