This security bulletin contains one medium risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to the way PostgreSQL handles encrypted connections. When the server is configured to use
trust authentication with a
clientcert requirement or to use
authentication, a man-in-the-middle attacker can inject arbitrary SQL
queries when a connection is first established, despite the use of SSL
certificate verification and encryption.
Update the affected package postgresql to version 13.5-1.Vulnerable software versions
Arch Linux: All versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?