A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. If more preconditions hold, the attacker can exfiltrate the client's password or other confidential data that might be transmitted early in a session. The attacker must have a way to trick the client's intended server into making the confidential data accessible to the attacker.
Upstream Advisory: https://www.postgresql.org/support/security/CVE-2021-23222/
Created mingw-postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022676]

Created postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022682]

Created postgresql:10/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022677]

Created postgresql:11/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022678]

Created postgresql:12/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022679]

Created postgresql:13/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022680]

Created postgresql:14/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 2022683]

Created postgresql:9.6/postgresql tracking bugs for this issue:
Affects: fedora-34 [bug 2022681]
Upstream commit: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=160c0258802d10b0600d7671b1bbea55d8e17d45
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2021:5179 https://access.redhat.com/errata/RHSA-2021:5179
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Via RHSA-2021:5197 https://access.redhat.com/errata/RHSA-2021:5197
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-23222
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:1891 https://access.redhat.com/errata/RHSA-2022:1891