Posted on March 6

Amazon Linux AMI 2: CVE-2022-41862: Security patch for libpq, postgresql (Multiple Advisories)

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 03/03/2023
Created: 09/28/2023
Added: 09/28/2023
Modified: 01/28/2025

Description

In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.

Solution(s)

amazon-linux-ami-2-upgrade-libpq
amazon-linux-ami-2-upgrade-libpq-debuginfo
amazon-linux-ami-2-upgrade-libpq-devel
amazon-linux-ami-2-upgrade-postgresql
amazon-linux-ami-2-upgrade-postgresql-contrib
amazon-linux-ami-2-upgrade-postgresql-debuginfo
amazon-linux-ami-2-upgrade-postgresql-docs
amazon-linux-ami-2-upgrade-postgresql-llvmjit
amazon-linux-ami-2-upgrade-postgresql-plperl
amazon-linux-ami-2-upgrade-postgresql-plpython2
amazon-linux-ami-2-upgrade-postgresql-plpython3
amazon-linux-ami-2-upgrade-postgresql-pltcl
amazon-linux-ami-2-upgrade-postgresql-private-devel
amazon-linux-ami-2-upgrade-postgresql-private-libs
amazon-linux-ami-2-upgrade-postgresql-server
amazon-linux-ami-2-upgrade-postgresql-server-devel
amazon-linux-ami-2-upgrade-postgresql-static
amazon-linux-ami-2-upgrade-postgresql-test
amazon-linux-ami-2-upgrade-postgresql-test-rpm-macros
amazon-linux-ami-2-upgrade-postgresql-upgrade
amazon-linux-ami-2-upgrade-postgresql-upgrade-devel

References

https://attackerkb.com/topics/cve-2022-41862
AL2/ALASPOSTGRESQL12-2023-001
AL2/ALASPOSTGRESQL12-2024-010
AL2/ALASPOSTGRESQL13-2023-001
AL2/ALASPOSTGRESQL14-2023-001
AL2/ALASPOSTGRESQL14-2024-010
CVE - 2022-41862