Amazon Linux AMI update for postgresql15
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2022-41862 CVE-2023-2455 CVE-2023-39418 CVE-2016-2193 |
| CWE-ID | CWE-125 CWE-254 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Amazon Linux AMI Operating systems & Components / Operating system postgresql15 Operating systems & Components / Operating system package or component |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU72088
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41862
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can send an unterminated string during the establishment of Kerberos transport encryption, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected packages:
aarch64:Vulnerable software versions
postgresql15-upgrade-devel-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-pltcl-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-libs-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plperl-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-test-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-llvmjit-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-test-15.4-1.amzn2023.0.1.aarch64
postgresql15-pltcl-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-libs-15.4-1.amzn2023.0.1.aarch64
postgresql15-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-15.4-1.amzn2023.0.1.aarch64
postgresql15-docs-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plpython3-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-devel-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plperl-15.4-1.amzn2023.0.1.aarch64
postgresql15-contrib-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plpython3-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-15.4-1.amzn2023.0.1.aarch64
postgresql15-llvmjit-15.4-1.amzn2023.0.1.aarch64
postgresql15-contrib-15.4-1.amzn2023.0.1.aarch64
postgresql15-static-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-docs-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-debugsource-15.4-1.amzn2023.0.1.aarch64
noarch:
postgresql15-test-rpm-macros-15.4-1.amzn2023.0.1.noarch
src:
postgresql15-15.4-1.amzn2023.0.1.src
x86_64:
postgresql15-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plpython3-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plperl-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-libs-15.4-1.amzn2023.0.1.x86_64
postgresql15-plpython3-15.4-1.amzn2023.0.1.x86_64
postgresql15-pltcl-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-devel-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-pltcl-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-libs-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-15.4-1.amzn2023.0.1.x86_64
postgresql15-static-15.4-1.amzn2023.0.1.x86_64
postgresql15-docs-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-devel-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plperl-15.4-1.amzn2023.0.1.x86_64
postgresql15-llvmjit-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-15.4-1.amzn2023.0.1.x86_64
postgresql15-test-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-contrib-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-docs-15.4-1.amzn2023.0.1.x86_64
postgresql15-contrib-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-15.4-1.amzn2023.0.1.x86_64
postgresql15-test-15.4-1.amzn2023.0.1.x86_64
postgresql15-llvmjit-15.4-1.amzn2023.0.1.x86_64
postgresql15-debugsource-15.4-1.amzn2023.0.1.x86_64
Amazon Linux AMI: All versions
postgresql15: before 15.4-1
CPE2.3- cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
- cpe:2.3:o:amazon_web_services:postgresql15:*:*:*:*:*:amazon_linux_ami:*:*
https://alas.aws.amazon.com/AL2023/ALAS-2023-387.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security features bypass
EUVDB-ID: #VU76042
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2455
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to incomplete fix for #VU40402 (CVE-2016-2193) that did not anticipate a scenario involving function inlining. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.
This affects only databases that have used CREATE POLICY to define a row security policy.
Update the affected packages:
aarch64:Vulnerable software versions
postgresql15-upgrade-devel-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-pltcl-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-libs-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plperl-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-test-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-llvmjit-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-test-15.4-1.amzn2023.0.1.aarch64
postgresql15-pltcl-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-libs-15.4-1.amzn2023.0.1.aarch64
postgresql15-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-15.4-1.amzn2023.0.1.aarch64
postgresql15-docs-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plpython3-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-devel-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plperl-15.4-1.amzn2023.0.1.aarch64
postgresql15-contrib-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plpython3-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-15.4-1.amzn2023.0.1.aarch64
postgresql15-llvmjit-15.4-1.amzn2023.0.1.aarch64
postgresql15-contrib-15.4-1.amzn2023.0.1.aarch64
postgresql15-static-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-docs-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-debugsource-15.4-1.amzn2023.0.1.aarch64
noarch:
postgresql15-test-rpm-macros-15.4-1.amzn2023.0.1.noarch
src:
postgresql15-15.4-1.amzn2023.0.1.src
x86_64:
postgresql15-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plpython3-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plperl-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-libs-15.4-1.amzn2023.0.1.x86_64
postgresql15-plpython3-15.4-1.amzn2023.0.1.x86_64
postgresql15-pltcl-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-devel-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-pltcl-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-libs-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-15.4-1.amzn2023.0.1.x86_64
postgresql15-static-15.4-1.amzn2023.0.1.x86_64
postgresql15-docs-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-devel-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plperl-15.4-1.amzn2023.0.1.x86_64
postgresql15-llvmjit-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-15.4-1.amzn2023.0.1.x86_64
postgresql15-test-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-contrib-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-docs-15.4-1.amzn2023.0.1.x86_64
postgresql15-contrib-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-15.4-1.amzn2023.0.1.x86_64
postgresql15-test-15.4-1.amzn2023.0.1.x86_64
postgresql15-llvmjit-15.4-1.amzn2023.0.1.x86_64
postgresql15-debugsource-15.4-1.amzn2023.0.1.x86_64
Amazon Linux AMI: All versions
postgresql15: before 15.4-1
CPE2.3- cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
- cpe:2.3:o:amazon_web_services:postgresql15:*:*:*:*:*:amazon_linux_ami:*:*
https://alas.aws.amazon.com/AL2023/ALAS-2023-387.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU79455
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-39418
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to the MERGE command does not properly enforce UPDATE or SELECT row security policies. A remote user can read or update protected data.
Update the affected packages:
aarch64:Vulnerable software versions
postgresql15-upgrade-devel-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-pltcl-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-libs-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plperl-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-test-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-llvmjit-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-test-15.4-1.amzn2023.0.1.aarch64
postgresql15-pltcl-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-libs-15.4-1.amzn2023.0.1.aarch64
postgresql15-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-15.4-1.amzn2023.0.1.aarch64
postgresql15-docs-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plpython3-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-devel-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plperl-15.4-1.amzn2023.0.1.aarch64
postgresql15-contrib-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plpython3-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-15.4-1.amzn2023.0.1.aarch64
postgresql15-llvmjit-15.4-1.amzn2023.0.1.aarch64
postgresql15-contrib-15.4-1.amzn2023.0.1.aarch64
postgresql15-static-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-docs-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-debugsource-15.4-1.amzn2023.0.1.aarch64
noarch:
postgresql15-test-rpm-macros-15.4-1.amzn2023.0.1.noarch
src:
postgresql15-15.4-1.amzn2023.0.1.src
x86_64:
postgresql15-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plpython3-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plperl-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-libs-15.4-1.amzn2023.0.1.x86_64
postgresql15-plpython3-15.4-1.amzn2023.0.1.x86_64
postgresql15-pltcl-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-devel-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-pltcl-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-libs-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-15.4-1.amzn2023.0.1.x86_64
postgresql15-static-15.4-1.amzn2023.0.1.x86_64
postgresql15-docs-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-devel-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plperl-15.4-1.amzn2023.0.1.x86_64
postgresql15-llvmjit-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-15.4-1.amzn2023.0.1.x86_64
postgresql15-test-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-contrib-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-docs-15.4-1.amzn2023.0.1.x86_64
postgresql15-contrib-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-15.4-1.amzn2023.0.1.x86_64
postgresql15-test-15.4-1.amzn2023.0.1.x86_64
postgresql15-llvmjit-15.4-1.amzn2023.0.1.x86_64
postgresql15-debugsource-15.4-1.amzn2023.0.1.x86_64
Amazon Linux AMI: All versions
postgresql15: before 15.4-1
CPE2.3- cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
- cpe:2.3:o:amazon_web_services:postgresql15:*:*:*:*:*:amazon_linux_ami:*:*
https://alas.aws.amazon.com/AL2023/ALAS-2023-387.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security Features
EUVDB-ID: #VU40402
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-2193
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.
MitigationUpdate the affected packages:
aarch64:Vulnerable software versions
postgresql15-upgrade-devel-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-pltcl-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-libs-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plperl-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-test-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-llvmjit-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-test-15.4-1.amzn2023.0.1.aarch64
postgresql15-pltcl-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-private-libs-15.4-1.amzn2023.0.1.aarch64
postgresql15-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-15.4-1.amzn2023.0.1.aarch64
postgresql15-docs-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plpython3-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-devel-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plperl-15.4-1.amzn2023.0.1.aarch64
postgresql15-contrib-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-plpython3-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-15.4-1.amzn2023.0.1.aarch64
postgresql15-llvmjit-15.4-1.amzn2023.0.1.aarch64
postgresql15-contrib-15.4-1.amzn2023.0.1.aarch64
postgresql15-static-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-server-devel-15.4-1.amzn2023.0.1.aarch64
postgresql15-docs-15.4-1.amzn2023.0.1.aarch64
postgresql15-upgrade-debuginfo-15.4-1.amzn2023.0.1.aarch64
postgresql15-debugsource-15.4-1.amzn2023.0.1.aarch64
noarch:
postgresql15-test-rpm-macros-15.4-1.amzn2023.0.1.noarch
src:
postgresql15-15.4-1.amzn2023.0.1.src
x86_64:
postgresql15-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plpython3-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plperl-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-libs-15.4-1.amzn2023.0.1.x86_64
postgresql15-plpython3-15.4-1.amzn2023.0.1.x86_64
postgresql15-pltcl-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-devel-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-pltcl-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-libs-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-15.4-1.amzn2023.0.1.x86_64
postgresql15-static-15.4-1.amzn2023.0.1.x86_64
postgresql15-docs-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-devel-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-plperl-15.4-1.amzn2023.0.1.x86_64
postgresql15-llvmjit-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-upgrade-15.4-1.amzn2023.0.1.x86_64
postgresql15-test-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-private-devel-15.4-1.amzn2023.0.1.x86_64
postgresql15-contrib-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-debuginfo-15.4-1.amzn2023.0.1.x86_64
postgresql15-docs-15.4-1.amzn2023.0.1.x86_64
postgresql15-contrib-15.4-1.amzn2023.0.1.x86_64
postgresql15-server-15.4-1.amzn2023.0.1.x86_64
postgresql15-test-15.4-1.amzn2023.0.1.x86_64
postgresql15-llvmjit-15.4-1.amzn2023.0.1.x86_64
postgresql15-debugsource-15.4-1.amzn2023.0.1.x86_64
Amazon Linux AMI: All versions
postgresql15: before 15.4-1
CPE2.3- cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
- cpe:2.3:o:amazon_web_services:postgresql15:*:*:*:*:*:amazon_linux_ami:*:*
https://alas.aws.amazon.com/AL2023/ALAS-2023-387.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
