Lucene search

DebianDEBIAN:DLA-2817-1:BB858

HistoryNov 12, 2021 - 8:46 a.m.

[SECURITY] [DLA 2817-1] postgresql-9.6 security update

2021-11-1208:46:22

lists.debian.org

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

Debian LTS Advisory DLA-2817-1 [email protected]
https://www.debian.org/lts/security/ Utkarsh Gupta
November 12, 2021 https://wiki.debian.org/LTS

Package : postgresql-9.6
Version : 9.6.24-0+deb9u1
CVE ID : CVE-2021-23214 CVE-2021-23222

Jacob Champion discovered two vulnerabilities in the PostgreSQL
database system, which could result in man-in-the-middle attacks.

For Debian 9 stretch, these problems have been fixed in version
9.6.24-0+deb9u1.

We recommend that you upgrade your postgresql-9.6 packages.

For the detailed security status of postgresql-9.6 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-9.6

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10armhfpostgresql-11< 11.14-0+deb10u1postgresql-11_11.14-0+deb10u1_armhf.deb
Debian9armhfpostgresql-contrib-9.6< 9.6.24-0+deb9u1postgresql-contrib-9.6_9.6.24-0+deb9u1_armhf.deb
Debian9armelpostgresql-plperl-9.6< 9.6.24-0+deb9u1postgresql-plperl-9.6_9.6.24-0+deb9u1_armel.deb
Debian10amd64postgresql-11-dbgsym< 11.14-0+deb10u1postgresql-11-dbgsym_11.14-0+deb10u1_amd64.deb
Debian9amd64postgresql-9.6< 9.6.24-0+deb9u1postgresql-9.6_9.6.24-0+deb9u1_amd64.deb
Debian11amd64libpq-dev< 13.5-0+deb11u1libpq-dev_13.5-0+deb11u1_amd64.deb
Debian11s390xlibpq-dev< 13.5-0+deb11u1libpq-dev_13.5-0+deb11u1_s390x.deb
Debian11arm64postgresql-client-13< 13.5-0+deb11u1postgresql-client-13_13.5-0+deb11u1_arm64.deb
Debian10mipspostgresql-plperl-11< 11.14-0+deb10u1postgresql-plperl-11_11.14-0+deb10u1_mips.deb
Debian11s390xpostgresql-pltcl-13< 13.5-0+deb11u1postgresql-pltcl-13_13.5-0+deb11u1_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	armhf	postgresql-11	< 11.14-0+deb10u1	postgresql-11_11.14-0+deb10u1_armhf.deb
Debian	9	armhf	postgresql-contrib-9.6	< 9.6.24-0+deb9u1	postgresql-contrib-9.6_9.6.24-0+deb9u1_armhf.deb
Debian	9	armel	postgresql-plperl-9.6	< 9.6.24-0+deb9u1	postgresql-plperl-9.6_9.6.24-0+deb9u1_armel.deb
Debian	10	amd64	postgresql-11-dbgsym	< 11.14-0+deb10u1	postgresql-11-dbgsym_11.14-0+deb10u1_amd64.deb
Debian	9	amd64	postgresql-9.6	< 9.6.24-0+deb9u1	postgresql-9.6_9.6.24-0+deb9u1_amd64.deb
Debian	11	amd64	libpq-dev	< 13.5-0+deb11u1	libpq-dev_13.5-0+deb11u1_amd64.deb
Debian	11	s390x	libpq-dev	< 13.5-0+deb11u1	libpq-dev_13.5-0+deb11u1_s390x.deb
Debian	11	arm64	postgresql-client-13	< 13.5-0+deb11u1	postgresql-client-13_13.5-0+deb11u1_arm64.deb
Debian	10	mips	postgresql-plperl-11	< 11.14-0+deb10u1	postgresql-plperl-11_11.14-0+deb10u1_mips.deb
Debian	11	s390x	postgresql-pltcl-13	< 13.5-0+deb11u1	postgresql-pltcl-13_13.5-0+deb11u1_s390x.deb