SUSE-SU-2021:3755-1

Опубликовано: 20 нояб. 2021

Источник: suse-cvrf

Описание

Security update for postgresql, postgresql13, postgresql14

This update for postgresql, postgresql13 and postgresql14 fixes the following issues:

Security issues fixed:

CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).

This update also ships postgresql14 to SUSE Linux Enterprise 12 SP5. (jsc#SLE-22673) On older service packs only libpq5 and libecpg6 are being replaced by the postgresql14 variants.

Feature changes in postgresql14:

Список пакетов

HPE Helion OpenStack 8

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

SUSE Linux Enterprise Server 12 SP2-BCL

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

SUSE Linux Enterprise Server 12 SP3-BCL

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

SUSE Linux Enterprise Server 12 SP3-LTSS

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

SUSE Linux Enterprise Server 12 SP4-LTSS

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

SUSE Linux Enterprise Server 12 SP5

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

postgresql13-13.5-3.15.2

postgresql13-contrib-13.5-3.15.2

postgresql13-docs-13.5-3.15.2

postgresql13-plperl-13.5-3.15.2

postgresql13-plpython-13.5-3.15.2

postgresql13-pltcl-13.5-3.15.2

postgresql13-server-13.5-3.15.2

postgresql14-14.1-3.3.1

postgresql14-contrib-14.1-3.3.1

postgresql14-docs-14.1-3.3.1

postgresql14-plperl-14.1-3.3.1

postgresql14-plpython-14.1-3.3.1

postgresql14-pltcl-14.1-3.3.1

postgresql14-server-14.1-3.3.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

postgresql13-13.5-3.15.2

postgresql13-contrib-13.5-3.15.2

postgresql13-docs-13.5-3.15.2

postgresql13-plperl-13.5-3.15.2

postgresql13-plpython-13.5-3.15.2

postgresql13-pltcl-13.5-3.15.2

postgresql13-server-13.5-3.15.2

postgresql14-14.1-3.3.1

postgresql14-contrib-14.1-3.3.1

postgresql14-docs-14.1-3.3.1

postgresql14-plperl-14.1-3.3.1

postgresql14-plpython-14.1-3.3.1

postgresql14-pltcl-14.1-3.3.1

postgresql14-server-14.1-3.3.1

SUSE Linux Enterprise Software Development Kit 12 SP5

postgresql-devel-14-4.10.1

postgresql-server-devel-14-4.10.1

postgresql13-devel-13.5-3.15.2

postgresql13-server-devel-13.5-3.15.2

postgresql14-devel-14.1-3.3.1

postgresql14-server-devel-14.1-3.3.1

SUSE OpenStack Cloud 8

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

SUSE OpenStack Cloud 9

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

SUSE OpenStack Cloud Crowbar 8

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

SUSE OpenStack Cloud Crowbar 9

libecpg6-14.1-3.3.1

libpq5-14.1-3.3.1

libpq5-32bit-14.1-3.3.1

postgresql-14-4.10.1

postgresql-contrib-14-4.10.1

postgresql-docs-14-4.10.1

postgresql-plperl-14-4.10.1

postgresql-plpython-14-4.10.1

postgresql-pltcl-14-4.10.1

postgresql-server-14-4.10.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20213755-1/
Link for SUSE-SU-2021:3755-1
https://lists.suse.com/pipermail/sle-security-updates/2021-November/009760.html
E-Mail link for SUSE-SU-2021:3755-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1192516
SUSE Bug 1192516
https://www.suse.com/security/cve/CVE-2021-23214/
SUSE CVE CVE-2021-23214 page
https://www.suse.com/security/cve/CVE-2021-23222/
SUSE CVE CVE-2021-23222 page

Описание

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

Затронутые продукты

HPE Helion OpenStack 8:libecpg6-14.1-3.3.1

HPE Helion OpenStack 8:libpq5-14.1-3.3.1

HPE Helion OpenStack 8:libpq5-32bit-14.1-3.3.1

HPE Helion OpenStack 8:postgresql-14-4.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-23214.html
CVE-2021-23214
https://bugzilla.suse.com/1192516
SUSE Bug 1192516

Описание

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

Затронутые продукты

HPE Helion OpenStack 8:libecpg6-14.1-3.3.1

HPE Helion OpenStack 8:libpq5-14.1-3.3.1

HPE Helion OpenStack 8:libpq5-32bit-14.1-3.3.1

HPE Helion OpenStack 8:postgresql-14-4.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-23222.html
CVE-2021-23222
https://bugzilla.suse.com/1192516
SUSE Bug 1192516

SUSE-SU-2021:3755-1

Описание

Список пакетов

HPE Helion OpenStack 8

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2021-23214

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-23222

Описание

Затронутые продукты

Ссылки