Описание
Security update for postgresql96
This update for postgresql96 fixes the following issues:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
Список пакетов
HPE Helion OpenStack 8
postgresql96-9.6.24-6.18.2
postgresql96-contrib-9.6.24-6.18.2
postgresql96-docs-9.6.24-6.18.2
postgresql96-plperl-9.6.24-6.18.2
postgresql96-plpython-9.6.24-6.18.2
postgresql96-pltcl-9.6.24-6.18.2
postgresql96-server-9.6.24-6.18.2
SUSE Linux Enterprise Server 12 SP2-BCL
postgresql96-9.6.24-6.18.2
postgresql96-contrib-9.6.24-6.18.2
postgresql96-docs-9.6.24-6.18.2
postgresql96-plperl-9.6.24-6.18.2
postgresql96-plpython-9.6.24-6.18.2
postgresql96-pltcl-9.6.24-6.18.2
postgresql96-server-9.6.24-6.18.2
SUSE Linux Enterprise Server 12 SP3-BCL
postgresql96-9.6.24-6.18.2
postgresql96-contrib-9.6.24-6.18.2
postgresql96-docs-9.6.24-6.18.2
postgresql96-plperl-9.6.24-6.18.2
postgresql96-plpython-9.6.24-6.18.2
postgresql96-pltcl-9.6.24-6.18.2
postgresql96-server-9.6.24-6.18.2
SUSE Linux Enterprise Server 12 SP3-LTSS
postgresql96-9.6.24-6.18.2
postgresql96-contrib-9.6.24-6.18.2
postgresql96-docs-9.6.24-6.18.2
postgresql96-plperl-9.6.24-6.18.2
postgresql96-plpython-9.6.24-6.18.2
postgresql96-pltcl-9.6.24-6.18.2
postgresql96-server-9.6.24-6.18.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
postgresql96-9.6.24-6.18.2
postgresql96-contrib-9.6.24-6.18.2
postgresql96-docs-9.6.24-6.18.2
postgresql96-plperl-9.6.24-6.18.2
postgresql96-plpython-9.6.24-6.18.2
postgresql96-pltcl-9.6.24-6.18.2
postgresql96-server-9.6.24-6.18.2
SUSE OpenStack Cloud 8
postgresql96-9.6.24-6.18.2
postgresql96-contrib-9.6.24-6.18.2
postgresql96-docs-9.6.24-6.18.2
postgresql96-plperl-9.6.24-6.18.2
postgresql96-plpython-9.6.24-6.18.2
postgresql96-pltcl-9.6.24-6.18.2
postgresql96-server-9.6.24-6.18.2
SUSE OpenStack Cloud Crowbar 8
postgresql96-9.6.24-6.18.2
postgresql96-contrib-9.6.24-6.18.2
postgresql96-docs-9.6.24-6.18.2
postgresql96-plperl-9.6.24-6.18.2
postgresql96-plpython-9.6.24-6.18.2
postgresql96-pltcl-9.6.24-6.18.2
postgresql96-server-9.6.24-6.18.2
Ссылки
- Link for SUSE-SU-2021:3757-1
- E-Mail link for SUSE-SU-2021:3757-1
- SUSE Security Ratings
- SUSE Bug 1192516
- SUSE CVE CVE-2021-23214 page
- SUSE CVE CVE-2021-23222 page
Описание
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
Затронутые продукты
HPE Helion OpenStack 8:postgresql96-9.6.24-6.18.2
HPE Helion OpenStack 8:postgresql96-contrib-9.6.24-6.18.2
HPE Helion OpenStack 8:postgresql96-docs-9.6.24-6.18.2
HPE Helion OpenStack 8:postgresql96-plperl-9.6.24-6.18.2
Ссылки
- CVE-2021-23214
- SUSE Bug 1192516
Описание
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
Затронутые продукты
HPE Helion OpenStack 8:postgresql96-9.6.24-6.18.2
HPE Helion OpenStack 8:postgresql96-contrib-9.6.24-6.18.2
HPE Helion OpenStack 8:postgresql96-docs-9.6.24-6.18.2
HPE Helion OpenStack 8:postgresql96-plperl-9.6.24-6.18.2
Ссылки
- CVE-2021-23222
- SUSE Bug 1192516