Bug 2022666 (CVE-2021-23214)
| Summary | CVE-2021-23214 postgresql: server processes unencrypted bytes from man-in-the-middle | | |
|---|---|---|---|
| Product | [Other] Security Response | Reporter | Marian Rehak <mrehak> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA | QA Contact | |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | unspecified | CC | aileenc, akoufoud, alazarot, almorale, anon.amish, anstephe, aos-bugs, asakala, avibelli, bdettelb, bgeorges, bibryam, caswilli, cbuissar, chazlett, clement.escoffier, dandread, databases-maint, devrim, dkreling, drieden, eric.wittmann, etirelli, fjansen, fjanus, ggastald, ggaughan, gmalinko, gmorling, gsmet, hamadhan, hbraun, hhorak, ibek, janstey, jmlich83, jnakfour, jnethert, jochrist, jorton, jpallich, jpechane, jrokos, jstastny, jwon, kaycoth, krathod, kverlaen, loleary, lthon, mike, mnovotny, mszynkie, mvanderw, panovotn, pantinor, pdelbell, peholase, pgallagh, pjindal, pkubat, praiskup, probinso, psegedy, rfreiman, rrajasek, rruss, rsvoboda, sbiarozk, sdouglas, spinder, tgl, theute, tzimanyi |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | postgresql 9.6.24, postgresql 10.19, postgresql 11.14, postgresql 12.9, postgresql 13.5, postgresql 14.1 | Doc Type | If docs needed, set a value |
| Doc Text | It was found that a PostgreSQL server could accept plaintext data during the establishment of an SSL connection. When a user requests certificate-based authentication, an active person-in-the-middle could use this flaw to inject arbitrary SQL commands. | | |
| Story Points | --- | | |
| Clone Of | | Environment | |
| Last Closed | 2021-12-21 10:50:30 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 2022667, 2022668, 2022669, 2022670, 2022671, 2022672, 2022673, 2022674, 2023231, 2023232, 2023233, 2023234, 2023235, 2023236, 2023237, 2023301, 2028598, 2031509, 2031510 | | |
| Bug Blocks | 2021380 | | |
Description
Marian Rehak
2021-11-12 10:34:48 UTC
Created mingw-postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022667]

Created postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022673]

Created postgresql:10/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022668]

Created postgresql:11/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022669]

Created postgresql:12/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022670]

Created postgresql:13/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022671]

Created postgresql:14/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022674]

Created postgresql:9.6/postgresql tracking bugs for this issue:
Affects: fedora-34 [bug 2022672]

Upstream commit:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=28e24125541545483093819efae9bca603441951

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2021:5179 https://access.redhat.com/errata/RHSA-2021:5179

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2021:5197 https://access.redhat.com/errata/RHSA-2021:5197

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:5235 https://access.redhat.com/errata/RHSA-2021:5235

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:5236 https://access.redhat.com/errata/RHSA-2021:5236

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-23214

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:1830 https://access.redhat.com/errata/RHSA-2022:1830