Amazon Linux 2023 Security Advisory: ALAS-2024-464
Advisory Release Date: 2024-01-03 23:20 Pacific
Advisory Updated Date: 2024-01-08 21:03 Pacific
Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out viability of attacks that arrange for presence of notable, confidential information in disclosed bytes. (CVE-2023-5868)
While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The CVE-2021-32027 fix covered some attacks of this description, but it missed others. (CVE-2023-5869)
The documentation says the pg_cancel_backend role cannot signal "a backend owned by a superuser". On the contrary, it can signal background workers, including the logical replication launcher. It can signal autovacuum workers and the autovacuum launcher. Signaling autovacuum workers and those two launchers provides no meaningful exploit, so exploiting this vulnerability requires a non-core extension with a less-resilient background worker. For example, a non-core background worker that does not auto-restart would experience a denial of service with respect to that particular background worker. (CVE-2023-5870)
Affected Packages:
postgresql15
Issue Correction:
Run dnf update postgresql15 --releasever 2023.3.20240108 to update your system.
aarch64:
postgresql15-private-devel-15.5-1.amzn2023.0.1.aarch64
postgresql15-plperl-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-server-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-docs-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-private-libs-15.5-1.amzn2023.0.1.aarch64
postgresql15-private-libs-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-pltcl-15.5-1.amzn2023.0.1.aarch64
postgresql15-pltcl-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-test-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-upgrade-devel-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-static-15.5-1.amzn2023.0.1.aarch64
postgresql15-llvmjit-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-upgrade-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-test-15.5-1.amzn2023.0.1.aarch64
postgresql15-server-devel-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-llvmjit-15.5-1.amzn2023.0.1.aarch64
postgresql15-contrib-15.5-1.amzn2023.0.1.aarch64
postgresql15-plpython3-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-contrib-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-upgrade-devel-15.5-1.amzn2023.0.1.aarch64
postgresql15-plpython3-15.5-1.amzn2023.0.1.aarch64
postgresql15-plperl-15.5-1.amzn2023.0.1.aarch64
postgresql15-15.5-1.amzn2023.0.1.aarch64
postgresql15-server-15.5-1.amzn2023.0.1.aarch64
postgresql15-debuginfo-15.5-1.amzn2023.0.1.aarch64
postgresql15-upgrade-15.5-1.amzn2023.0.1.aarch64
postgresql15-server-devel-15.5-1.amzn2023.0.1.aarch64
postgresql15-docs-15.5-1.amzn2023.0.1.aarch64
postgresql15-debugsource-15.5-1.amzn2023.0.1.aarch64
noarch:
postgresql15-test-rpm-macros-15.5-1.amzn2023.0.1.noarch
src:
postgresql15-15.5-1.amzn2023.0.1.src
x86_64:
postgresql15-upgrade-devel-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-contrib-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-docs-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-plperl-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-static-15.5-1.amzn2023.0.1.x86_64
postgresql15-pltcl-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-plpython3-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-private-devel-15.5-1.amzn2023.0.1.x86_64
postgresql15-test-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-plperl-15.5-1.amzn2023.0.1.x86_64
postgresql15-server-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-server-devel-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-upgrade-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-test-15.5-1.amzn2023.0.1.x86_64
postgresql15-private-libs-15.5-1.amzn2023.0.1.x86_64
postgresql15-upgrade-devel-15.5-1.amzn2023.0.1.x86_64
postgresql15-private-libs-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-llvmjit-15.5-1.amzn2023.0.1.x86_64
postgresql15-llvmjit-debuginfo-15.5-1.amzn2023.0.1.x86_64
postgresql15-pltcl-15.5-1.amzn2023.0.1.x86_64
postgresql15-upgrade-15.5-1.amzn2023.0.1.x86_64
postgresql15-plpython3-15.5-1.amzn2023.0.1.x86_64
postgresql15-contrib-15.5-1.amzn2023.0.1.x86_64
postgresql15-15.5-1.amzn2023.0.1.x86_64
postgresql15-server-15.5-1.amzn2023.0.1.x86_64
postgresql15-server-devel-15.5-1.amzn2023.0.1.x86_64
postgresql15-docs-15.5-1.amzn2023.0.1.x86_64
postgresql15-debugsource-15.5-1.amzn2023.0.1.x86_64
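
Added example (not part of the Amazon Linux advisory): a shell check that flags installed postgresql15 packages older than the 15.5-1.amzn2023.0.1 build listed above. The function names, the constructed sample inventory, and the use of GNU sort -V in place of RPM's own version comparison are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the advisory: flag postgresql15 packages that are
# older than the fixed build listed in ALAS-2024-464.
FIXED_EVR="15.5-1.amzn2023.0.1"   # version-release taken from the package list

# Reads "name version-release" lines on stdin and prints every postgresql15
# package whose version-release orders below FIXED_EVR.
# Assumption: GNU `sort -V` stands in for RPM's version comparison, which is
# adequate for the numeric dotted versions used by these packages.
find_unpatched() {
    local name evr lowest
    while read -r name evr; do
        case "$name" in
            postgresql15|postgresql15-*) ;;   # only packages named in the advisory
            *) continue ;;
        esac
        if [ "$evr" = "$FIXED_EVR" ]; then
            continue
        fi
        lowest=$(printf '%s\n%s\n' "$evr" "$FIXED_EVR" | sort -V | head -n1)
        if [ "$lowest" = "$evr" ]; then
            printf '%s %s\n' "$name" "$evr"
        fi
    done
    return 0
}

# Constructed sample inventory (not real host output): one patched package,
# two older ones, one newer one, and one unrelated package.
sample_inventory() {
    cat <<'EOF'
postgresql15 15.5-1.amzn2023.0.1
postgresql15-server 15.4-1.amzn2023.0.1
postgresql15-contrib 15.4-1.amzn2023.0.1
postgresql15-private-libs 15.10-1.amzn2023.0.1
openssl 3.0.8-1.amzn2023.0.9
EOF
}

# On a real host, feed the function from the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | find_unpatched
sample_inventory | find_unpatched
```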