Arch Linux 202204-1 High Severity: PostgreSQL Man-In-The-Middle Attack
Apr 04, 2022
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package postgresql before version 13.5-1 is vulnerable to man-in- the-middle.
Arch Linux Security Advisory ASA-202204-1 ======================================== Severity: High Date : 2022-04-04 CVE-ID : CVE-2021-23214 Package : postgresql Type : man-in-the-middle Remote : Yes Link : https://security.archlinux.org/AVG-2546 Summary ====== The package postgresql before version 13.5-1 is vulnerable to man-in-the-middle. Resolution ========= Upgrade to 13.5-1. # pacman -Syu "postgresql>=13.5-1" The problem has been fixed upstream in version 13.5. Workaround ========= None. Description ========== A security issue has been found in PostgreSQL versions 9.6 up to 14. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. Impact ===== A man-in-the-middle attacker is able to inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. References ========= https://www.postgresql.org/support/security/CVE-2021-23214/ https://security.archlinux.org/CVE-2021-23214
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!