Описание
Moderate: postgresql:10 security update
PostgreSQL is an advanced object-relational database management system (DBMS).
The following packages have been upgraded to a later upstream version: postgresql (10.19). (BZ#2023231)
Security Fix(es):
- postgresql: server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 1992263
- Red Hat - 2022666
- Red Hat - 2024568
Связанные уязвимости
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established despite the use of SSL certificate verification and encryption.
When the server is configured to use trust authentication with a clien ...