Описание
Security update for postgresql10
This update for postgresql10 fixes the following issues:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
Список пакетов
Container suse/postgres:10
postgresql10-10.19-8.41.1
postgresql10-server-10.19-8.41.1
SUSE Enterprise Storage 6
postgresql10-10.19-8.41.1
postgresql10-contrib-10.19-8.41.1
postgresql10-devel-10.19-8.41.1
postgresql10-docs-10.19-8.41.1
postgresql10-plperl-10.19-8.41.1
postgresql10-plpython-10.19-8.41.1
postgresql10-pltcl-10.19-8.41.1
postgresql10-server-10.19-8.41.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
postgresql10-10.19-8.41.1
postgresql10-contrib-10.19-8.41.1
postgresql10-devel-10.19-8.41.1
postgresql10-docs-10.19-8.41.1
postgresql10-plperl-10.19-8.41.1
postgresql10-plpython-10.19-8.41.1
postgresql10-pltcl-10.19-8.41.1
postgresql10-server-10.19-8.41.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
postgresql10-10.19-8.41.1
postgresql10-contrib-10.19-8.41.1
postgresql10-devel-10.19-8.41.1
postgresql10-docs-10.19-8.41.1
postgresql10-plperl-10.19-8.41.1
postgresql10-plpython-10.19-8.41.1
postgresql10-pltcl-10.19-8.41.1
postgresql10-server-10.19-8.41.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
postgresql10-10.19-8.41.1
SUSE Linux Enterprise Module for Legacy 15 SP3
postgresql10-10.19-8.41.1
postgresql10-contrib-10.19-8.41.1
postgresql10-devel-10.19-8.41.1
postgresql10-plperl-10.19-8.41.1
postgresql10-plpython-10.19-8.41.1
postgresql10-pltcl-10.19-8.41.1
postgresql10-server-10.19-8.41.1
SUSE Linux Enterprise Module for Server Applications 15 SP2
postgresql10-contrib-10.19-8.41.1
postgresql10-devel-10.19-8.41.1
postgresql10-docs-10.19-8.41.1
postgresql10-plperl-10.19-8.41.1
postgresql10-plpython-10.19-8.41.1
postgresql10-pltcl-10.19-8.41.1
postgresql10-server-10.19-8.41.1
SUSE Linux Enterprise Server 15 SP1-BCL
postgresql10-10.19-8.41.1
postgresql10-contrib-10.19-8.41.1
postgresql10-devel-10.19-8.41.1
postgresql10-docs-10.19-8.41.1
postgresql10-plperl-10.19-8.41.1
postgresql10-plpython-10.19-8.41.1
postgresql10-pltcl-10.19-8.41.1
postgresql10-server-10.19-8.41.1
SUSE Linux Enterprise Server 15 SP1-LTSS
postgresql10-10.19-8.41.1
postgresql10-contrib-10.19-8.41.1
postgresql10-devel-10.19-8.41.1
postgresql10-docs-10.19-8.41.1
postgresql10-plperl-10.19-8.41.1
postgresql10-plpython-10.19-8.41.1
postgresql10-pltcl-10.19-8.41.1
postgresql10-server-10.19-8.41.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
postgresql10-10.19-8.41.1
postgresql10-contrib-10.19-8.41.1
postgresql10-devel-10.19-8.41.1
postgresql10-docs-10.19-8.41.1
postgresql10-plperl-10.19-8.41.1
postgresql10-plpython-10.19-8.41.1
postgresql10-pltcl-10.19-8.41.1
postgresql10-server-10.19-8.41.1
Ссылки
- Link for SUSE-SU-2021:4058-1
- E-Mail link for SUSE-SU-2021:4058-1
- SUSE Security Ratings
- SUSE Bug 1192516
- SUSE CVE CVE-2021-23214 page
- SUSE CVE CVE-2021-23222 page
Описание
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
Затронутые продукты
Container suse/postgres:10:postgresql10-10.19-8.41.1
Container suse/postgres:10:postgresql10-server-10.19-8.41.1
SUSE Enterprise Storage 6:postgresql10-10.19-8.41.1
SUSE Enterprise Storage 6:postgresql10-contrib-10.19-8.41.1
Ссылки
- CVE-2021-23214
- SUSE Bug 1192516
Описание
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
Затронутые продукты
Container suse/postgres:10:postgresql10-10.19-8.41.1
Container suse/postgres:10:postgresql10-server-10.19-8.41.1
SUSE Enterprise Storage 6:postgresql10-10.19-8.41.1
SUSE Enterprise Storage 6:postgresql10-contrib-10.19-8.41.1
Ссылки
- CVE-2021-23222
- SUSE Bug 1192516