Amazon Linux 2022 Security Advisory: ALAS-2022-190
Advisory Release Date: 2022-11-01 21:24 Pacific
Advisory Updated Date: 2022-11-03 20:58 Pacific
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. (CVE-2022-1552)
Affected Packages:
postgresql14
Issue Correction:
Run dnf update postgresql14 --releasever=2022.0.20221102 to update your system.
aarch64:
postgresql14-llvmjit-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-plperl-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-static-14.3-2.amzn2022.0.2.aarch64
postgresql14-test-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-upgrade-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-pltcl-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-contrib-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-plperl-14.3-2.amzn2022.0.2.aarch64
postgresql14-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-plpython3-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-private-libs-14.3-2.amzn2022.0.2.aarch64
postgresql14-pltcl-14.3-2.amzn2022.0.2.aarch64
postgresql14-docs-14.3-2.amzn2022.0.2.aarch64
postgresql14-private-devel-14.3-2.amzn2022.0.2.aarch64
postgresql14-server-14.3-2.amzn2022.0.2.aarch64
postgresql14-test-14.3-2.amzn2022.0.2.aarch64
postgresql14-upgrade-devel-14.3-2.amzn2022.0.2.aarch64
postgresql14-docs-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-contrib-14.3-2.amzn2022.0.2.aarch64
postgresql14-server-devel-14.3-2.amzn2022.0.2.aarch64
postgresql14-private-libs-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-server-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-upgrade-14.3-2.amzn2022.0.2.aarch64
postgresql14-upgrade-devel-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-plpython3-14.3-2.amzn2022.0.2.aarch64
postgresql14-server-devel-debuginfo-14.3-2.amzn2022.0.2.aarch64
postgresql14-llvmjit-14.3-2.amzn2022.0.2.aarch64
postgresql14-14.3-2.amzn2022.0.2.aarch64
postgresql14-debugsource-14.3-2.amzn2022.0.2.aarch64
noarch:
postgresql14-test-rpm-macros-14.3-2.amzn2022.0.2.noarch
src:
postgresql14-14.3-2.amzn2022.0.2.src
x86_64:
postgresql14-pltcl-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-docs-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-pltcl-14.3-2.amzn2022.0.2.x86_64
postgresql14-14.3-2.amzn2022.0.2.x86_64
postgresql14-test-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-llvmjit-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-plperl-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-test-14.3-2.amzn2022.0.2.x86_64
postgresql14-plpython3-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-server-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-private-libs-14.3-2.amzn2022.0.2.x86_64
postgresql14-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-private-devel-14.3-2.amzn2022.0.2.x86_64
postgresql14-private-libs-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-upgrade-devel-14.3-2.amzn2022.0.2.x86_64
postgresql14-server-devel-14.3-2.amzn2022.0.2.x86_64
postgresql14-llvmjit-14.3-2.amzn2022.0.2.x86_64
postgresql14-plpython3-14.3-2.amzn2022.0.2.x86_64
postgresql14-server-devel-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-docs-14.3-2.amzn2022.0.2.x86_64
postgresql14-upgrade-devel-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-contrib-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-static-14.3-2.amzn2022.0.2.x86_64
postgresql14-plperl-14.3-2.amzn2022.0.2.x86_64
postgresql14-contrib-14.3-2.amzn2022.0.2.x86_64
postgresql14-upgrade-debuginfo-14.3-2.amzn2022.0.2.x86_64
postgresql14-server-14.3-2.amzn2022.0.2.x86_64
postgresql14-upgrade-14.3-2.amzn2022.0.2.x86_64
postgresql14-debugsource-14.3-2.amzn2022.0.2.x86_64