Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114202140581HistoryDec 15, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2021:4058-1)
2021-12-1500:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.6%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2021.4058.1");
script_cve_id("CVE-2021-23214", "CVE-2021-23222");
script_tag(name:"creation_date", value:"2021-12-15 03:22:16 +0000 (Wed, 15 Dec 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"5.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-03-15 15:49:18 +0000 (Tue, 15 Mar 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2021:4058-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP2|SLES15\.0SP3|SLES15\.0SP1)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2021:4058-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2021/suse-su-20214058-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'postgresql10' package(s) announced via the SUSE-SU-2021:4058-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for postgresql10 fixes the following issues:
CVE-2021-23214: Make the server reject extraneous data after an SSL or
GSS encryption handshake (bsc#1192516).
CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS
encryption handshake (bsc#1192516).");
script_tag(name:"affected", value:"'postgresql10' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise Module for Basesystem 15-SP2, SUSE Linux Enterprise Module for Legacy Software 15-SP3, SUSE Linux Enterprise Module for Server Applications 15-SP2, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server for SAP 15-SP1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"postgresql10", rpm:"postgresql10~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-debuginfo", rpm:"postgresql10-debuginfo~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-debugsource", rpm:"postgresql10-debugsource~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-contrib", rpm:"postgresql10-contrib~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-contrib-debuginfo", rpm:"postgresql10-contrib-debuginfo~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-devel", rpm:"postgresql10-devel~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-devel-debuginfo", rpm:"postgresql10-devel-debuginfo~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-docs", rpm:"postgresql10-docs~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plperl", rpm:"postgresql10-plperl~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plperl-debuginfo", rpm:"postgresql10-plperl-debuginfo~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plpython", rpm:"postgresql10-plpython~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plpython-debuginfo", rpm:"postgresql10-plpython-debuginfo~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-pltcl", rpm:"postgresql10-pltcl~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-pltcl-debuginfo", rpm:"postgresql10-pltcl-debuginfo~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-server", rpm:"postgresql10-server~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-server-debuginfo", rpm:"postgresql10-server-debuginfo~10.19~8.41.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"postgresql10", rpm:"postgresql10~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-contrib", rpm:"postgresql10-contrib~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-contrib-debuginfo", rpm:"postgresql10-contrib-debuginfo~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-debuginfo", rpm:"postgresql10-debuginfo~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-debugsource", rpm:"postgresql10-debugsource~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-devel", rpm:"postgresql10-devel~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-devel-debuginfo", rpm:"postgresql10-devel-debuginfo~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plperl", rpm:"postgresql10-plperl~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plperl-debuginfo", rpm:"postgresql10-plperl-debuginfo~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plpython", rpm:"postgresql10-plpython~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plpython-debuginfo", rpm:"postgresql10-plpython-debuginfo~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-pltcl", rpm:"postgresql10-pltcl~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-pltcl-debuginfo", rpm:"postgresql10-pltcl-debuginfo~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-server", rpm:"postgresql10-server~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-server-debuginfo", rpm:"postgresql10-server-debuginfo~10.19~8.41.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"postgresql10", rpm:"postgresql10~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-contrib", rpm:"postgresql10-contrib~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-contrib-debuginfo", rpm:"postgresql10-contrib-debuginfo~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-debuginfo", rpm:"postgresql10-debuginfo~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-debugsource", rpm:"postgresql10-debugsource~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-devel", rpm:"postgresql10-devel~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-devel-debuginfo", rpm:"postgresql10-devel-debuginfo~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-docs", rpm:"postgresql10-docs~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plperl", rpm:"postgresql10-plperl~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plperl-debuginfo", rpm:"postgresql10-plperl-debuginfo~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plpython", rpm:"postgresql10-plpython~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-plpython-debuginfo", rpm:"postgresql10-plpython-debuginfo~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-pltcl", rpm:"postgresql10-pltcl~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-pltcl-debuginfo", rpm:"postgresql10-pltcl-debuginfo~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-server", rpm:"postgresql10-server~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"postgresql10-server-debuginfo", rpm:"postgresql10-server-debuginfo~10.19~8.41.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
suse
suse
Security update for postgresql10 (important)
2021-12-15 00:00:00
Security update for postgresql14 (important)
2021-11-22 00:00:00
Security update for postgresql13 (important)
2021-11-22 00:00:00
nessus
nessus
openSUSE 15 Security Update : postgresql12 (openSUSE-SU-2021:3758-1)
2021-11-23 00:00:00
openSUSE 15 Security Update : postgresql10 (openSUSE-SU-2021:4058-1)
2021-12-17 00:00:00
Debian DSA-5006-1 : postgresql-11 - security update
2021-11-12 00:00:00
altlinux
altlinux
osv
osv
postgresql-13 - security update
2021-11-11 00:00:00
postgresql-11 - security update
2021-11-11 00:00:00
postgresql-9.6 - security update
2021-11-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:3762-1)
2021-11-23 00:00:00
openSUSE: Security Advisory for postgresql13 (openSUSE-SU-2021:3762-1)
2021-11-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3760-1)
2021-11-23 00:00:00
debian
debian
[SECURITY] [DLA 2817-1] postgresql-9.6 security update
2021-11-12 08:46:22
[SECURITY] [DSA 5006-1] postgresql-11 security update
2021-11-11 21:49:53
[SECURITY] [DSA 5007-1] postgresql-13 security update
2021-11-11 21:52:56
mageia
mageia
Updated postgresql packages fix security vulnerability
2021-11-25 16:06:13
ubuntu
ubuntu
PostgreSQL vulnerabilities
2021-11-11 00:00:00
PostgreSQL vulnerability
2022-12-07 00:00:00
PostgreSQL vulnerabilities
2022-09-28 00:00:00
redos
redos
ROS-20220125-13
2022-01-25 00:00:00
freebsd
freebsd
PostgreSQL -- Possible man-in-the-middle attacks
2021-11-08 00:00:00
ibm
ibm
fedora
fedora
[SECURITY] Fedora 35 Update: pgbouncer-1.16.1-1.fc35
2021-12-31 01:21:38
github
github
PostgresNIO processes unencrypted bytes from man-in-the-middle
2023-05-10 19:20:16
redhat
redhat
(RHSA-2021:5197) Moderate: rh-postgresql12-postgresql security update
2021-12-16 18:07:11
(RHSA-2021:5179) Moderate: rh-postgresql13-postgresql security update
2021-12-16 11:34:46
(RHSA-2022:1830) Moderate: postgresql:10 security update
2022-05-10 08:03:34
veracode
veracode
Man-in-the-Middle (MitM)
2021-11-14 07:40:11
Denial Of Service (DoS)
2021-11-14 07:42:43
rocky
rocky
postgresql:10 security update
2022-05-10 08:03:34
libpq security update
2022-05-10 06:36:04
postgresql:12 security update
2021-12-21 09:10:31
prion
prion
Sql injection
2022-03-04 16:15:00
Design/Logic Flaw
2022-03-02 23:15:00
Sql injection
2022-08-25 18:15:00
archlinux
archlinux
[ASA-202204-1] postgresql: man-in-the-middle
2022-04-04 00:00:00
[ASA-202203-1] postgresql: man-in-the-middle
2022-03-25 00:00:00
cve
cve
amazon
amazon
Medium: postgresql96
2023-01-18 20:56:00
Medium: postgresql95
2023-01-18 20:56:00
Medium: postgresql
2023-02-17 00:11:00
almalinux
almalinux
Moderate: postgresql:10 security update
2022-05-10 08:03:34
Low: libpq security update
2022-05-10 06:36:04
Moderate: postgresql:12 security update
2021-12-21 09:10:31
cbl_mariner
cbl_mariner
CVE-2021-23214 affecting package postgresql for versions less than 14.2-1
2022-04-26 20:17:02
CVE-2021-23214 affecting package postgresql 12.8-1
2022-03-19 16:40:54
CVE-2021-23222 affecting package postgresql for versions less than 14.2-1
2022-04-26 20:17:02
oraclelinux
oraclelinux
postgresql:10 security update
2022-05-17 00:00:00
libpq security update
2022-05-17 00:00:00
postgresql:12 security update
2021-12-22 00:00:00
alpinelinux
alpinelinux
CVE-2021-23214
2022-03-04 16:15:00
CVE-2021-23222
2022-03-02 23:15:00
redhatcve
redhatcve
CVE-2021-23214
2022-04-26 22:23:51
CVE-2021-23222
2021-11-12 12:00:28
debiancve
debiancve
CVE-2021-23214
2022-03-04 16:15:00
CVE-2021-23222
2022-03-02 23:15:00
ubuntucve
ubuntucve
CVE-2021-23214
2021-11-11 00:00:00
CVE-2021-23222
2021-11-11 00:00:00
gentoo
gentoo
PostgreSQL: Multiple Vulnerabilities
2022-11-19 00:00:00
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.6%
Related for OPENVAS:13614125623114202140581