发布于3月6日3月6日 Members Alma Linux: CVE-2022-41862: Moderate: postgresql:13 security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 03/03/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. Solution(s) alma-upgrade-libpq alma-upgrade-libpq-devel alma-upgrade-pg_repack alma-upgrade-pgaudit alma-upgrade-postgres-decoderbufs alma-upgrade-postgresql alma-upgrade-postgresql-contrib alma-upgrade-postgresql-docs alma-upgrade-postgresql-plperl alma-upgrade-postgresql-plpython3 alma-upgrade-postgresql-pltcl alma-upgrade-postgresql-private-devel alma-upgrade-postgresql-private-libs alma-upgrade-postgresql-server alma-upgrade-postgresql-server-devel alma-upgrade-postgresql-static alma-upgrade-postgresql-test alma-upgrade-postgresql-test-rpm-macros alma-upgrade-postgresql-upgrade alma-upgrade-postgresql-upgrade-devel References https://attackerkb.com/topics/cve-2022-41862 CVE - 2022-41862 https://errata.almalinux.org/8/ALSA-2023-1576.html https://errata.almalinux.org/8/ALSA-2023-4535.html https://errata.almalinux.org/8/ALSA-2023-7016.html https://errata.almalinux.org/9/ALSA-2023-1693.html https://errata.almalinux.org/9/ALSA-2023-6429.html
