Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:3761-1

Опубликовано: 22 нояб. 2021
Источник: suse-cvrf

Описание

Security update for postgresql10

This update for postgresql10 fixes the following issues:

  • CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
  • CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).

Список пакетов

HPE Helion OpenStack 8
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE Linux Enterprise Server 12 SP2-BCL
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE Linux Enterprise Server 12 SP3-BCL
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE Linux Enterprise Server 12 SP3-LTSS
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE Linux Enterprise Server 12 SP4-LTSS
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE Linux Enterprise Server 12 SP5
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE Linux Enterprise Software Development Kit 12 SP5
postgresql10-devel-10.19-4.22.1
SUSE OpenStack Cloud 8
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE OpenStack Cloud 9
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE OpenStack Cloud Crowbar 8
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1
SUSE OpenStack Cloud Crowbar 9
postgresql10-10.19-4.22.1
postgresql10-contrib-10.19-4.22.1
postgresql10-docs-10.19-4.22.1
postgresql10-plperl-10.19-4.22.1
postgresql10-plpython-10.19-4.22.1
postgresql10-pltcl-10.19-4.22.1
postgresql10-server-10.19-4.22.1

Ссылки

Описание

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

Затронутые продукты
HPE Helion OpenStack 8:postgresql10-10.19-4.22.1
HPE Helion OpenStack 8:postgresql10-contrib-10.19-4.22.1
HPE Helion OpenStack 8:postgresql10-docs-10.19-4.22.1
HPE Helion OpenStack 8:postgresql10-plperl-10.19-4.22.1
Ссылки

Описание

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

Затронутые продукты
HPE Helion OpenStack 8:postgresql10-10.19-4.22.1
HPE Helion OpenStack 8:postgresql10-contrib-10.19-4.22.1
HPE Helion OpenStack 8:postgresql10-docs-10.19-4.22.1
HPE Helion OpenStack 8:postgresql10-plperl-10.19-4.22.1
Ссылки
Уязвимость SUSE-SU-2021:3761-1