Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2021:3759-1

Опубликовано: 22 нояб. 2021
Источник: suse-cvrf

Описание

Security update for postgresql14

This update for postgresql14 fixes the following issues:

  • CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).

  • CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).

  • Let rpmlint ignore shlib-policy-name-error (boo#1191782).

Список пакетов

openSUSE Leap 15.3
libecpg6-14.1-5.6.1
libecpg6-32bit-14.1-5.6.1
libpq5-14.1-5.6.1
libpq5-32bit-14.1-5.6.1
postgresql14-14.1-5.6.1
postgresql14-contrib-14.1-5.6.1
postgresql14-devel-14.1-5.6.1
postgresql14-devel-mini-14.1-5.6.1
postgresql14-docs-14.1-5.6.1
postgresql14-llvmjit-14.1-5.6.1
postgresql14-plperl-14.1-5.6.1
postgresql14-plpython-14.1-5.6.1
postgresql14-pltcl-14.1-5.6.1
postgresql14-server-14.1-5.6.1
postgresql14-server-devel-14.1-5.6.1
postgresql14-test-14.1-5.6.1

Ссылки

Описание

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

Затронутые продукты
openSUSE Leap 15.3:libecpg6-14.1-5.6.1
openSUSE Leap 15.3:libecpg6-32bit-14.1-5.6.1
openSUSE Leap 15.3:libpq5-14.1-5.6.1
openSUSE Leap 15.3:libpq5-32bit-14.1-5.6.1
Ссылки

Описание

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

Затронутые продукты
openSUSE Leap 15.3:libecpg6-14.1-5.6.1
openSUSE Leap 15.3:libecpg6-32bit-14.1-5.6.1
openSUSE Leap 15.3:libpq5-14.1-5.6.1
openSUSE Leap 15.3:libpq5-32bit-14.1-5.6.1
Ссылки
Уязвимость openSUSE-SU-2021:3759-1