[SECURITY] [DSA 5006-1] postgresql-11 security update

2021-11-1121:49:53

lists.debian.org

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

Debian Security Advisory DSA-5006-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
November 11, 2021 https://www.debian.org/security/faq

Package : postgresql-11
CVE ID : CVE-2021-23214 CVE-2021-23222

Jacob Champion discovered two vulnerabilities in the PostgreSQL database
system, which could result in man-in-the-middle attacks.

For the oldstable distribution (buster), these problems have been fixed
in version 11.14-0+deb10u1.

We recommend that you upgrade your postgresql-11 packages.

For the detailed security status of postgresql-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10mips64elpostgresql-plperl-11< 11.14-0+deb10u1postgresql-plperl-11_11.14-0+deb10u1_mips64el.deb
Debian11amd64postgresql-pltcl-13< 13.5-0+deb11u1postgresql-pltcl-13_13.5-0+deb11u1_amd64.deb
Debian11armelpostgresql-server-dev-13< 13.5-0+deb11u1postgresql-server-dev-13_13.5-0+deb11u1_armel.deb
Debian9i386libpgtypes3< 9.6.24-0+deb9u1libpgtypes3_9.6.24-0+deb9u1_i386.deb
Debian10mipspostgresql-plperl-11-dbgsym< 11.14-0+deb10u1postgresql-plperl-11-dbgsym_11.14-0+deb10u1_mips.deb
Debian10ppc64ellibecpg-compat3-dbgsym< 11.14-0+deb10u1libecpg-compat3-dbgsym_11.14-0+deb10u1_ppc64el.deb
Debian10amd64postgresql-server-dev-11-dbgsym< 11.14-0+deb10u1postgresql-server-dev-11-dbgsym_11.14-0+deb10u1_amd64.deb
Debian11mips64ellibpq5< 13.5-0+deb11u1libpq5_13.5-0+deb11u1_mips64el.deb
Debian11armhfpostgresql-plpython3-13-dbgsym< 13.5-0+deb11u1postgresql-plpython3-13-dbgsym_13.5-0+deb11u1_armhf.deb
Debian11ppc64ellibecpg-dev-dbgsym< 13.5-0+deb11u1libecpg-dev-dbgsym_13.5-0+deb11u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	mips64el	postgresql-plperl-11	< 11.14-0+deb10u1	postgresql-plperl-11_11.14-0+deb10u1_mips64el.deb
Debian	11	amd64	postgresql-pltcl-13	< 13.5-0+deb11u1	postgresql-pltcl-13_13.5-0+deb11u1_amd64.deb
Debian	11	armel	postgresql-server-dev-13	< 13.5-0+deb11u1	postgresql-server-dev-13_13.5-0+deb11u1_armel.deb
Debian	9	i386	libpgtypes3	< 9.6.24-0+deb9u1	libpgtypes3_9.6.24-0+deb9u1_i386.deb
Debian	10	mips	postgresql-plperl-11-dbgsym	< 11.14-0+deb10u1	postgresql-plperl-11-dbgsym_11.14-0+deb10u1_mips.deb
Debian	10	ppc64el	libecpg-compat3-dbgsym	< 11.14-0+deb10u1	libecpg-compat3-dbgsym_11.14-0+deb10u1_ppc64el.deb
Debian	10	amd64	postgresql-server-dev-11-dbgsym	< 11.14-0+deb10u1	postgresql-server-dev-11-dbgsym_11.14-0+deb10u1_amd64.deb
Debian	11	mips64el	libpq5	< 13.5-0+deb11u1	libpq5_13.5-0+deb11u1_mips64el.deb
Debian	11	armhf	postgresql-plpython3-13-dbgsym	< 13.5-0+deb11u1	postgresql-plpython3-13-dbgsym_13.5-0+deb11u1_armhf.deb
Debian	11	ppc64el	libecpg-dev-dbgsym	< 13.5-0+deb11u1	libecpg-dev-dbgsym_13.5-0+deb11u1_ppc64el.deb