发布于3月6日3月6日 Members Rocky Linux: CVE-2022-41862: postgresql-12 (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 03/03/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. Solution(s) rocky-upgrade-pg_repack rocky-upgrade-pg_repack-debuginfo rocky-upgrade-pg_repack-debugsource rocky-upgrade-pgaudit rocky-upgrade-pgaudit-debuginfo rocky-upgrade-pgaudit-debugsource rocky-upgrade-postgres-decoderbufs rocky-upgrade-postgres-decoderbufs-debuginfo rocky-upgrade-postgres-decoderbufs-debugsource rocky-upgrade-postgresql rocky-upgrade-postgresql-contrib rocky-upgrade-postgresql-contrib-debuginfo rocky-upgrade-postgresql-debuginfo rocky-upgrade-postgresql-debugsource rocky-upgrade-postgresql-docs rocky-upgrade-postgresql-docs-debuginfo rocky-upgrade-postgresql-plperl rocky-upgrade-postgresql-plperl-debuginfo rocky-upgrade-postgresql-plpython3 rocky-upgrade-postgresql-plpython3-debuginfo rocky-upgrade-postgresql-pltcl rocky-upgrade-postgresql-pltcl-debuginfo rocky-upgrade-postgresql-server rocky-upgrade-postgresql-server-debuginfo rocky-upgrade-postgresql-server-devel rocky-upgrade-postgresql-server-devel-debuginfo rocky-upgrade-postgresql-static rocky-upgrade-postgresql-test rocky-upgrade-postgresql-test-debuginfo rocky-upgrade-postgresql-upgrade rocky-upgrade-postgresql-upgrade-debuginfo rocky-upgrade-postgresql-upgrade-devel rocky-upgrade-postgresql-upgrade-devel-debuginfo References https://attackerkb.com/topics/cve-2022-41862 CVE - 2022-41862 https://errata.rockylinux.org/RLSA-2023:1576 https://errata.rockylinux.org/RLSA-2023:4535
