Amazon Linux 2023 Security Advisory: ALAS2023-2025-973
Advisory Released Date: 2025-06-02
Advisory Updated Date: 2025-06-02
Severity:
Medium
Issue Overview:
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected. (CVE-2025-4207)
Affected Packages:
postgresql16
Issue Correction:
Run dnf update postgresql16 --releasever 2023.7.20250527 to update your system.
New Packages:
aarch64:
postgresql16-plperl-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-llvmjit-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-pltcl-16.9-1.amzn2023.0.1.aarch64
postgresql16-static-16.9-1.amzn2023.0.1.aarch64
postgresql16-test-16.9-1.amzn2023.0.1.aarch64
postgresql16-server-devel-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-test-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-private-libs-16.9-1.amzn2023.0.1.aarch64
postgresql16-private-libs-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-contrib-16.9-1.amzn2023.0.1.aarch64
postgresql16-plpython3-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-llvmjit-16.9-1.amzn2023.0.1.aarch64
postgresql16-private-devel-16.9-1.amzn2023.0.1.aarch64
postgresql16-plpython3-16.9-1.amzn2023.0.1.aarch64
postgresql16-upgrade-devel-16.9-1.amzn2023.0.1.aarch64
postgresql16-contrib-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-server-devel-16.9-1.amzn2023.0.1.aarch64
postgresql16-pltcl-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-upgrade-devel-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-16.9-1.amzn2023.0.1.aarch64
postgresql16-upgrade-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-server-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-docs-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-docs-16.9-1.amzn2023.0.1.aarch64
postgresql16-plperl-16.9-1.amzn2023.0.1.aarch64
postgresql16-debuginfo-16.9-1.amzn2023.0.1.aarch64
postgresql16-server-16.9-1.amzn2023.0.1.aarch64
postgresql16-upgrade-16.9-1.amzn2023.0.1.aarch64
postgresql16-debugsource-16.9-1.amzn2023.0.1.aarch64
noarch:
postgresql16-test-rpm-macros-16.9-1.amzn2023.0.1.noarch
src:
postgresql16-16.9-1.amzn2023.0.1.src
x86_64:
postgresql16-contrib-16.9-1.amzn2023.0.1.x86_64
postgresql16-private-libs-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-llvmjit-16.9-1.amzn2023.0.1.x86_64
postgresql16-server-devel-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-server-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-upgrade-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-test-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-contrib-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-upgrade-devel-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-pltcl-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-plperl-16.9-1.amzn2023.0.1.x86_64
postgresql16-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-llvmjit-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-docs-16.9-1.amzn2023.0.1.x86_64
postgresql16-16.9-1.amzn2023.0.1.x86_64
postgresql16-server-devel-16.9-1.amzn2023.0.1.x86_64
postgresql16-private-devel-16.9-1.amzn2023.0.1.x86_64
postgresql16-plperl-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-docs-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-static-16.9-1.amzn2023.0.1.x86_64
postgresql16-plpython3-debuginfo-16.9-1.amzn2023.0.1.x86_64
postgresql16-test-16.9-1.amzn2023.0.1.x86_64
postgresql16-upgrade-devel-16.9-1.amzn2023.0.1.x86_64
postgresql16-pltcl-16.9-1.amzn2023.0.1.x86_64
postgresql16-plpython3-16.9-1.amzn2023.0.1.x86_64
postgresql16-debugsource-16.9-1.amzn2023.0.1.x86_64
postgresql16-private-libs-16.9-1.amzn2023.0.1.x86_64
postgresql16-server-16.9-1.amzn2023.0.1.x86_64
postgresql16-upgrade-16.9-1.amzn2023.0.1.x86_64