Sunday, February 27, 2022

Huawei EulerOS: CVE-2021-23214: postgresql security update

Description
It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands.
Solution(s)
  • huawei-euleros-2_0_sp3-upgrade-postgresql
  • huawei-euleros-2_0_sp3-upgrade-postgresql-contrib
  • huawei-euleros-2_0_sp3-upgrade-postgresql-devel
  • huawei-euleros-2_0_sp3-upgrade-postgresql-docs
  • huawei-euleros-2_0_sp3-upgrade-postgresql-libs
  • huawei-euleros-2_0_sp3-upgrade-postgresql-plperl
  • huawei-euleros-2_0_sp3-upgrade-postgresql-plpython
  • huawei-euleros-2_0_sp3-upgrade-postgresql-pltcl
  • huawei-euleros-2_0_sp3-upgrade-postgresql-server
  • huawei-euleros-2_0_sp3-upgrade-postgresql-test


  • References
  • https://attackerkb.com/topics/cve-2021-23214
  • CVE - 2021-23214
  • EulerOS-SA-2022-1182




  •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore