Univention Bugzilla – Bug 54058
postgresql-9.6: Multiple issues (4.4)
Last modified: 2021-11-17 16:19:18 CET
New Debian postgresql-9.6 9.6.24-0+deb9u1 fixes: This update addresses the following issues: * server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214) * libpq processes unencrypted bytes from man-in-the-middle (CVE-2021-23222)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/postgresql-9.6_9.6.23-0+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/postgresql-9.6_9.6.24-0+deb9u1.dsc @@ -1,3 +1,29 @@ +9.6.24-0+deb9u1 [Fri, 12 Nov 2021 08:56:48 +0100] Christoph Berg <myon@debian.org>: + + * New upstream release. + + + Make the server and libpq reject extraneous data after an SSL or GSS + encryption handshake (Tom Lane) + + A man-in-the-middle with the ability to inject data into the TCP + connection could stuff some cleartext data into the start of a + supposedly encryption-protected database session. + + This could be abused to send faked SQL commands to the server, although + that would only work if the server did not demand any authentication + data. (However, a server relying on SSL certificate authentication + might well not do so.) (CVE-2021-23214) + + This could probably be abused to inject faked responses to the client's + first few queries, although other details of libpq's behavior make that + harder than it sounds. A different line of attack is to exfiltrate the + client's password, or other sensitive data that might be sent early in + the session. That has been shown to be possible with a server + vulnerable to CVE-2021-23214. (CVE-2021-23222) + + The PostgreSQL Project thanks Jacob Champion for reporting these + problems. + 9.6.23-0+deb9u1 [Thu, 26 Aug 2021 15:14:41 +0200] Christoph Berg <myon@debian.org>: * New upstream version. <http://piuparts.knut.univention.de/4.4-8/#4989427414904688937>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] 8c83b2a123 Bug #54058: postgresql-9.6 9.6.24-0+deb9u1 doc/errata/staging/postgresql-9.6.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1099>