Amazon Linux 2023 Security Advisory: ALAS2023-2023-322
Advisory Released Date: 2023-09-07
Advisory Updated Date: 2023-09-07
Severity:
Important
Issue Overview:
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. (CVE-2023-39417)
Affected Packages:
postgresql15
Issue Correction:
Run dnf update postgresql15 --releasever 2023.1.20230906 to update your system.
New Packages:
aarch64:
postgresql15-server-devel-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-server-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-pltcl-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-upgrade-devel-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-llvmjit-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-private-devel-15.0-1.amzn2023.0.4.aarch64
postgresql15-plpython3-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-15.0-1.amzn2023.0.4.aarch64
postgresql15-private-libs-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-contrib-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-private-libs-15.0-1.amzn2023.0.4.aarch64
postgresql15-plpython3-15.0-1.amzn2023.0.4.aarch64
postgresql15-test-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-server-15.0-1.amzn2023.0.4.aarch64
postgresql15-upgrade-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-static-15.0-1.amzn2023.0.4.aarch64
postgresql15-docs-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-upgrade-15.0-1.amzn2023.0.4.aarch64
postgresql15-upgrade-devel-15.0-1.amzn2023.0.4.aarch64
postgresql15-server-devel-15.0-1.amzn2023.0.4.aarch64
postgresql15-plperl-debuginfo-15.0-1.amzn2023.0.4.aarch64
postgresql15-contrib-15.0-1.amzn2023.0.4.aarch64
postgresql15-pltcl-15.0-1.amzn2023.0.4.aarch64
postgresql15-llvmjit-15.0-1.amzn2023.0.4.aarch64
postgresql15-test-15.0-1.amzn2023.0.4.aarch64
postgresql15-plperl-15.0-1.amzn2023.0.4.aarch64
postgresql15-docs-15.0-1.amzn2023.0.4.aarch64
postgresql15-debugsource-15.0-1.amzn2023.0.4.aarch64
noarch:
postgresql15-test-rpm-macros-15.0-1.amzn2023.0.4.noarch
src:
postgresql15-15.0-1.amzn2023.0.4.src
x86_64:
postgresql15-upgrade-devel-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-private-libs-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-llvmjit-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-server-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-test-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-plperl-15.0-1.amzn2023.0.4.x86_64
postgresql15-plpython3-15.0-1.amzn2023.0.4.x86_64
postgresql15-server-devel-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-docs-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-test-15.0-1.amzn2023.0.4.x86_64
postgresql15-pltcl-15.0-1.amzn2023.0.4.x86_64
postgresql15-15.0-1.amzn2023.0.4.x86_64
postgresql15-static-15.0-1.amzn2023.0.4.x86_64
postgresql15-plpython3-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-private-libs-15.0-1.amzn2023.0.4.x86_64
postgresql15-plperl-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-private-devel-15.0-1.amzn2023.0.4.x86_64
postgresql15-pltcl-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-docs-15.0-1.amzn2023.0.4.x86_64
postgresql15-server-devel-15.0-1.amzn2023.0.4.x86_64
postgresql15-upgrade-15.0-1.amzn2023.0.4.x86_64
postgresql15-llvmjit-15.0-1.amzn2023.0.4.x86_64
postgresql15-contrib-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-upgrade-debuginfo-15.0-1.amzn2023.0.4.x86_64
postgresql15-server-15.0-1.amzn2023.0.4.x86_64
postgresql15-contrib-15.0-1.amzn2023.0.4.x86_64
postgresql15-upgrade-devel-15.0-1.amzn2023.0.4.x86_64
postgresql15-debugsource-15.0-1.amzn2023.0.4.x86_64