Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-5038-1:

It was discovered that the PostgreSQL planner could create incorrect plans in certain circumstances. A remote attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly obtain sensitive information from memory. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-3677)

It was discovered that PostgreSQL incorrectly handled certain SSL renegotiation ClientHello messages from clients. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2021-3449)
Solution(s)
ubuntu-upgrade-postgresql-10
ubuntu-upgrade-postgresql-12
ubuntu-upgrade-postgresql-13
References
USN-4891-1
USN-5038-1
CVE-2021-3677