Headline
RHSA-2021:5179: Red Hat Security Advisory: rh-postgresql13-postgresql security update
An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-3677: postgresql: memory disclosure in certain queries
- CVE-2021-23214: postgresql: server processes unencrypted bytes from man-in-the-middle
- CVE-2021-23222: postgresql: libpq processes unencrypted bytes from man-in-the-middle
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2021-12-16
Updated:
2021-12-16
RHSA-2021:5179 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: rh-postgresql13-postgresql security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
PostgreSQL is an advanced object-relational database management system (DBMS).
The following packages have been upgraded to a later upstream version: rh-postgresql13-postgresql (13.5).
Security Fix(es):
- postgresql: memory disclosure in certain queries (CVE-2021-3677)
- postgresql: server processes unencrypted bytes from man-in-the-middle (CVE-2021-23214)
- postgresql: libpq processes unencrypted bytes from man-in-the-middle (CVE-2021-23222)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
If the postgresql service is running, it will be automatically restarted after installing this update.
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
- BZ - 2001857 - CVE-2021-3677 postgresql: memory disclosure in certain queries
- BZ - 2022666 - CVE-2021-23214 postgresql: server processes unencrypted bytes from man-in-the-middle
- BZ - 2022675 - CVE-2021-23222 postgresql: libpq processes unencrypted bytes from man-in-the-middle
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
SRPM
rh-postgresql13-postgresql-13.5-1.el7.src.rpm
SHA-256: 6f196e3b84ca50379312eb38824409b0d8fdd6eb7a0f5a8ae2b2d8adabd23581
x86_64
rh-postgresql13-postgresql-13.5-1.el7.x86_64.rpm
SHA-256: be12159a30635a44c568034de8bef71666971d22f133a31777f9ff3644647663
rh-postgresql13-postgresql-contrib-13.5-1.el7.x86_64.rpm
SHA-256: dd46d6f57e1d021aba11815a4f7b3a9c2cad25ee64f3f6babff24ff085f3fc50
rh-postgresql13-postgresql-contrib-syspaths-13.5-1.el7.x86_64.rpm
SHA-256: 118e29f06e9eacccb9c7bb524df551ff6e6dee82d7fc5a2b87072f50bf093aef
rh-postgresql13-postgresql-debuginfo-13.5-1.el7.x86_64.rpm
SHA-256: ad97a327eff6405ea31d81b8ed40f35dd02aa68b9324f2cb579510d50793b7b8
rh-postgresql13-postgresql-devel-13.5-1.el7.x86_64.rpm
SHA-256: 292a355826b9796f198c85277338e7807ae26d07e7cc389e14e5df8f8693ac77
rh-postgresql13-postgresql-docs-13.5-1.el7.x86_64.rpm
SHA-256: c01e0d414cee5b8ed21a3bab1c5d3f38628e49378c51b42b760c2e575798d8c8
rh-postgresql13-postgresql-libs-13.5-1.el7.x86_64.rpm
SHA-256: 9393b24120ac546679231bc488ef3f75940b264a9b5273548dfdae22c43df854
rh-postgresql13-postgresql-plperl-13.5-1.el7.x86_64.rpm
SHA-256: 82ff75bbc61282a13035d54f54109c6824a68bcd7d24889ddb780a2fc06d41b6
rh-postgresql13-postgresql-plpython-13.5-1.el7.x86_64.rpm
SHA-256: ebedb845d86cfa42a8e60e5506f3aa82b1dc3c86ad524a7af9cbfacb1335b224
rh-postgresql13-postgresql-plpython3-13.5-1.el7.x86_64.rpm
SHA-256: e5bf25ea0ed00199518435213ee5e261fd3331519a0cd66ec27070e690481f0e
rh-postgresql13-postgresql-pltcl-13.5-1.el7.x86_64.rpm
SHA-256: db2f8a8b56efb4df627b58b6f0fd025285a9243bacd1732f0ba45ac59ce7968e
rh-postgresql13-postgresql-server-13.5-1.el7.x86_64.rpm
SHA-256: 5697844da958a2bbc992efe404aae953da9c99005840e37b67cbcf0fe475f626
rh-postgresql13-postgresql-server-syspaths-13.5-1.el7.x86_64.rpm
SHA-256: 3b030f1979e890ca04b03b3f7a899b43fac7c09dcfd7f3b155a8e0d2beeca284
rh-postgresql13-postgresql-static-13.5-1.el7.x86_64.rpm
SHA-256: c5f72c1f6480f28880ee356addb1822f131f465e34cd9be6cc06bac0f26f126c
rh-postgresql13-postgresql-syspaths-13.5-1.el7.x86_64.rpm
SHA-256: 8e4703d15202a8789db7a4bfb5f7e30d61269c071eca0cf4bae8b5c2d2cf1869
rh-postgresql13-postgresql-test-13.5-1.el7.x86_64.rpm
SHA-256: a4e55190d9e1f6521457ff871857b8c029576e70ff193ee63635afff6f25e516
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7
SRPM
rh-postgresql13-postgresql-13.5-1.el7.src.rpm
SHA-256: 6f196e3b84ca50379312eb38824409b0d8fdd6eb7a0f5a8ae2b2d8adabd23581
s390x
rh-postgresql13-postgresql-13.5-1.el7.s390x.rpm
SHA-256: b0a0d22128b4447b8bb7cb8b9d1b7402a844a299184085248d5495f616183632
rh-postgresql13-postgresql-contrib-13.5-1.el7.s390x.rpm
SHA-256: b6f0766413043b716d00f597fc4b9ce58df3b8e1487f00f6b81bcc2528b2219d
rh-postgresql13-postgresql-contrib-syspaths-13.5-1.el7.s390x.rpm
SHA-256: 787ba9527d1dd4d8725a163be0d1eb69bd2fd2b18c79e54e381833228d0c5299
rh-postgresql13-postgresql-debuginfo-13.5-1.el7.s390x.rpm
SHA-256: 7b377110dc33a2a1a93e77fa0958eb7387b136e467b4b152aac549a5edbee3a7
rh-postgresql13-postgresql-devel-13.5-1.el7.s390x.rpm
SHA-256: d9a72fcb4fca33dadffc77791dabd05618619ffe5800c9015cedcf81353e26d8
rh-postgresql13-postgresql-docs-13.5-1.el7.s390x.rpm
SHA-256: 041c6dee6a469ca1989bc21d28c9fe1f888d90d7315e3136685cd31c840e8a26
rh-postgresql13-postgresql-libs-13.5-1.el7.s390x.rpm
SHA-256: ade3da78a21f32401d921794269b2ae4c49aa42e372de8d18e5ead4bbeac25ad
rh-postgresql13-postgresql-plperl-13.5-1.el7.s390x.rpm
SHA-256: 5ecf995c9822d1558dd0d56da5dee86570879580b46d001ae93e0a88b2649cb4
rh-postgresql13-postgresql-plpython-13.5-1.el7.s390x.rpm
SHA-256: 2cc27da2ce8e338ab3109c07a7bfb9772ec5a48411553d2c779443008eda439f
rh-postgresql13-postgresql-plpython3-13.5-1.el7.s390x.rpm
SHA-256: 80fa8453e57829e86b98a9fa79bfc140d173314c75b653ec2a983fe46d672032
rh-postgresql13-postgresql-pltcl-13.5-1.el7.s390x.rpm
SHA-256: c576144b4c7bd194c1ff101208241878fdc58aabe9c593c34b4f62764b37ac12
rh-postgresql13-postgresql-server-13.5-1.el7.s390x.rpm
SHA-256: 8dcbab769d9e0fecb71a754dae5682c73eeeec46c8bd7ee55920814b54c50c14
rh-postgresql13-postgresql-server-syspaths-13.5-1.el7.s390x.rpm
SHA-256: 94af27c2e8486dcda7cf18bd00fb5695e4123fffc544a32afe2c1b62980d4bb5
rh-postgresql13-postgresql-static-13.5-1.el7.s390x.rpm
SHA-256: 3bab3de40e65a4dd41bc604667d05643e78fc01b8bfe895d1830967310a442c7
rh-postgresql13-postgresql-syspaths-13.5-1.el7.s390x.rpm
SHA-256: 75b76c5c989b4cbe3699747ca3b32092732bda1aa6e615e1a3f67a1ae62ac32a
rh-postgresql13-postgresql-test-13.5-1.el7.s390x.rpm
SHA-256: ac3a14986452d7229459da8922efc7b7654a49e0c3407f715af6b9719ccf1e6b
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7
SRPM
rh-postgresql13-postgresql-13.5-1.el7.src.rpm
SHA-256: 6f196e3b84ca50379312eb38824409b0d8fdd6eb7a0f5a8ae2b2d8adabd23581
ppc64le
rh-postgresql13-postgresql-13.5-1.el7.ppc64le.rpm
SHA-256: 0d8241a04ca73d3665c96a48cec69e39c71f6734040c4b0b31358be223e18e78
rh-postgresql13-postgresql-contrib-13.5-1.el7.ppc64le.rpm
SHA-256: 2e007aa91eaa2938b842e855bc8fb7c83376e500663cd9c76cba950ce9d48777
rh-postgresql13-postgresql-contrib-syspaths-13.5-1.el7.ppc64le.rpm
SHA-256: 38ce36b139921d83a28bfc133d244ea503e9f6ade98e1dfa9d6f3dac53a67a02
rh-postgresql13-postgresql-debuginfo-13.5-1.el7.ppc64le.rpm
SHA-256: 28b6cc73c71f4a1af512a1bb69ece15d1085c35eaeb13da3f63b2c80400fb304
rh-postgresql13-postgresql-devel-13.5-1.el7.ppc64le.rpm
SHA-256: 940c88b9a528d1a0681e41442f3074625da1ffb10145fef0b91ccdea1dab506e
rh-postgresql13-postgresql-docs-13.5-1.el7.ppc64le.rpm
SHA-256: 03e12861642a6c1fdf96074034196c82c6b0cad6d4d4fde69840a17b97cd2296
rh-postgresql13-postgresql-libs-13.5-1.el7.ppc64le.rpm
SHA-256: 032084b832d88223a8c6757e1ba0a87e1e017c90659e01a625f72888ccb50c62
rh-postgresql13-postgresql-plperl-13.5-1.el7.ppc64le.rpm
SHA-256: 8e45f5c7678b4cf97dc1af635520784c39813f36cbda400a360b36d743265db3
rh-postgresql13-postgresql-plpython-13.5-1.el7.ppc64le.rpm
SHA-256: 677f776268dcb6148ba438fbb5191e9622981828251ac2b16395d5a87c66a3af
rh-postgresql13-postgresql-plpython3-13.5-1.el7.ppc64le.rpm
SHA-256: c83b5ad570205f44431c5dd5ac299c99d7df8f68bf9dedd21edf956575cf27cc
rh-postgresql13-postgresql-pltcl-13.5-1.el7.ppc64le.rpm
SHA-256: ff540801751e42c542ea0b17c350347a8668b6d8f7de222338cbbf5347adc478
rh-postgresql13-postgresql-server-13.5-1.el7.ppc64le.rpm
SHA-256: ed878ee7214a97c9da3cda72bf71db798d58cf80bf3576fdfe17b0fa243f5b86
rh-postgresql13-postgresql-server-syspaths-13.5-1.el7.ppc64le.rpm
SHA-256: 37e9624ac8cb11ddbfd9433a2ea87b36bf47ed00d592b71540faa0d77c72559b
rh-postgresql13-postgresql-static-13.5-1.el7.ppc64le.rpm
SHA-256: af7bbb9eceb57d95f8d1c0ed05af80dee6d1da50aed14a67df049a344d8e9035
rh-postgresql13-postgresql-syspaths-13.5-1.el7.ppc64le.rpm
SHA-256: 2060453fade95647514aeedc4adda4b331d37853d5f3257b99ed2d7d17f392b3
rh-postgresql13-postgresql-test-13.5-1.el7.ppc64le.rpm
SHA-256: 59b010cbed45454e7e925a125af6094e3f7ba639b1dcd2aa096e511a65404232
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
SRPM
rh-postgresql13-postgresql-13.5-1.el7.src.rpm
SHA-256: 6f196e3b84ca50379312eb38824409b0d8fdd6eb7a0f5a8ae2b2d8adabd23581
x86_64
rh-postgresql13-postgresql-13.5-1.el7.x86_64.rpm
SHA-256: be12159a30635a44c568034de8bef71666971d22f133a31777f9ff3644647663
rh-postgresql13-postgresql-contrib-13.5-1.el7.x86_64.rpm
SHA-256: dd46d6f57e1d021aba11815a4f7b3a9c2cad25ee64f3f6babff24ff085f3fc50
rh-postgresql13-postgresql-contrib-syspaths-13.5-1.el7.x86_64.rpm
SHA-256: 118e29f06e9eacccb9c7bb524df551ff6e6dee82d7fc5a2b87072f50bf093aef
rh-postgresql13-postgresql-debuginfo-13.5-1.el7.x86_64.rpm
SHA-256: ad97a327eff6405ea31d81b8ed40f35dd02aa68b9324f2cb579510d50793b7b8
rh-postgresql13-postgresql-devel-13.5-1.el7.x86_64.rpm
SHA-256: 292a355826b9796f198c85277338e7807ae26d07e7cc389e14e5df8f8693ac77
rh-postgresql13-postgresql-docs-13.5-1.el7.x86_64.rpm
SHA-256: c01e0d414cee5b8ed21a3bab1c5d3f38628e49378c51b42b760c2e575798d8c8
rh-postgresql13-postgresql-libs-13.5-1.el7.x86_64.rpm
SHA-256: 9393b24120ac546679231bc488ef3f75940b264a9b5273548dfdae22c43df854
rh-postgresql13-postgresql-plperl-13.5-1.el7.x86_64.rpm
SHA-256: 82ff75bbc61282a13035d54f54109c6824a68bcd7d24889ddb780a2fc06d41b6
rh-postgresql13-postgresql-plpython-13.5-1.el7.x86_64.rpm
SHA-256: ebedb845d86cfa42a8e60e5506f3aa82b1dc3c86ad524a7af9cbfacb1335b224
rh-postgresql13-postgresql-plpython3-13.5-1.el7.x86_64.rpm
SHA-256: e5bf25ea0ed00199518435213ee5e261fd3331519a0cd66ec27070e690481f0e
rh-postgresql13-postgresql-pltcl-13.5-1.el7.x86_64.rpm
SHA-256: db2f8a8b56efb4df627b58b6f0fd025285a9243bacd1732f0ba45ac59ce7968e
rh-postgresql13-postgresql-server-13.5-1.el7.x86_64.rpm
SHA-256: 5697844da958a2bbc992efe404aae953da9c99005840e37b67cbcf0fe475f626
rh-postgresql13-postgresql-server-syspaths-13.5-1.el7.x86_64.rpm
SHA-256: 3b030f1979e890ca04b03b3f7a899b43fac7c09dcfd7f3b155a8e0d2beeca284
rh-postgresql13-postgresql-static-13.5-1.el7.x86_64.rpm
SHA-256: c5f72c1f6480f28880ee356addb1822f131f465e34cd9be6cc06bac0f26f126c
rh-postgresql13-postgresql-syspaths-13.5-1.el7.x86_64.rpm
SHA-256: 8e4703d15202a8789db7a4bfb5f7e30d61269c071eca0cf4bae8b5c2d2cf1869
rh-postgresql13-postgresql-test-13.5-1.el7.x86_64.rpm
SHA-256: a4e55190d9e1f6521457ff871857b8c029576e70ff193ee63635afff6f25e516
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.