Tuesday, August 17, 2021

Ubuntu: USN-5038-1 (CVE-2021-3677): PostgreSQL vulnerabilities

Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.From USN-5038-1:It was discovered that the PostgresQL planner could create incorrect plans in certain circumstances. A remote attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly obtain sensitive information from memory. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-3677)It was discovered that PostgreSQL incorrectly handled certain SSL renegotiation ClientHello messages from clients. A remote attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. (CVE-2021-3449)
Solution(s)
  • ubuntu-upgrade-postgresql-10
  • ubuntu-upgrade-postgresql-12
  • ubuntu-upgrade-postgresql-13


  • References
  • USN-4891-1
  • USN-5038-1
  • CVE-2021-3677




  •  

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated