What is the severity of RHSA-2021:0165?

The severity of RHSA-2021:0165 is classified as important.

How do I fix RHSA-2021:0165?

To fix RHSA-2021:0165, upgrade the libpq, libpq-debuginfo, libpq-debugsource, and libpq-devel packages to version 12.5-2.el8_1.

Which packages are affected by RHSA-2021:0165?

The affected packages include libpq, libpq-debuginfo, libpq-debugsource, and libpq-devel on various architectures.

What vulnerabilities does RHSA-2021:0165 address?

RHSA-2021:0165 addresses vulnerabilities related to the PostgreSQL client library that could affect connectivity and security.

Is there a recommended version for the packages fixed by RHSA-2021:0165?

The recommended version for the packages fixed by RHSA-2021:0165 is 12.5-2.el8_1.

Vulnerability/
RHSA-2021:0165

18/1/2021

RHSA-2021:0165: Important: libpq security update

First published: Mon Jan 18 2021(Updated: )

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. <br>The following packages have been upgraded to a later upstream version: libpq (12.5). (BZ#1898226, BZ#1901561)<br>Security Fix(es):<br><li> postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)</li> <li> postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/libpq	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-debuginfo	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-debuginfo	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-debugsource	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-debugsource	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-devel	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-devel	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-devel-debuginfo	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-devel-debuginfo	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-debuginfo	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-debugsource	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-devel	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq-devel-debuginfo	<12.5-2.el8_1	12.5-2.el8_1
redhat/libpq	<12.5-2.el8_1.aa	12.5-2.el8_1.aa
redhat/libpq-debuginfo	<12.5-2.el8_1.aa	12.5-2.el8_1.aa
redhat/libpq-debugsource	<12.5-2.el8_1.aa	12.5-2.el8_1.aa
redhat/libpq-devel	<12.5-2.el8_1.aa	12.5-2.el8_1.aa
redhat/libpq-devel-debuginfo	<12.5-2.el8_1.aa	12.5-2.el8_1.aa

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2021:0165?
The severity of RHSA-2021:0165 is classified as important.
How do I fix RHSA-2021:0165?
To fix RHSA-2021:0165, upgrade the libpq, libpq-debuginfo, libpq-debugsource, and libpq-devel packages to version 12.5-2.el8_1.
Which packages are affected by RHSA-2021:0165?
The affected packages include libpq, libpq-debuginfo, libpq-debugsource, and libpq-devel on various architectures.
What vulnerabilities does RHSA-2021:0165 address?
RHSA-2021:0165 addresses vulnerabilities related to the PostgreSQL client library that could affect connectivity and security.
Is there a recommended version for the packages fixed by RHSA-2021:0165?
The recommended version for the packages fixed by RHSA-2021:0165 is 12.5-2.el8_1.

agent/severity
agent/references
agent/type
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2021:0165
agent/software-canonical-lookup
agent/remedy
agent/title
agent/description
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat