Bug 1956876 (CVE-2021-32027)

Summary: CVE-2021-32027 postgresql: Buffer overrun from integer overflow in array subscripting calculations
Product: [Other] Security Response Reporter: Michael Kaplan <mkaplan>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: aboyko, aileenc, akoufoud, alazarot, almorale, anon.amish, anstephe, asoldano, atangrin, avibelli, bbaranow, bgeorges, bmaxwell, brian.stansberry, cdewolf, chazlett, clement.escoffier, dandread, darran.lofthouse, databases-maint, devrim, dkreling, dosoudil, drieden, eleandro, etirelli, fjanus, fjuma, ggaughan, gmalinko, gsmet, hamadhan, hhorak, ibek, iweiss, janstey, jmlich83, jochrist, jorton, jpallich, jperkins, jstastny, jwon, kaycoth, krathod, kverlaen, kwills, lgao, lthon, mcascell, mike, mnovotny, msochure, msvehla, mszynkie, nwallace, panovotn, peholase, pgallagh, pjindal, pkubat, pmackay, praiskup, probinso, rguimara, rrajasek, rruss, rstancel, rsvoboda, sbiarozk, sdouglas, security-response-team, smaestri, tgl, tom.jenkinson, tzimanyi, yborgess
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: postgresql 13.3, postgresql 12.7, postgresql 11.12, postgresql 10.17, postgresql 9.6.22 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-09 15:03:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1962794, 1962795, 1962796, 1962797, 1962798, 1962799, 1962800, 1963687, 1963688, 1963689, 1964497, 1964500, 1964501, 1964502, 1964503, 1964507, 1964508, 1964509, 1964510, 1964511, 1964514, 1964515, 1964516, 1964517, 1964518, 1964519, 1964520, 1964521, 1966334, 1966335, 1966336, 1966337, 1966338, 1966339    
Bug Blocks: 1956885, 1956886    

Description Michael Kaplan 2021-05-04 15:13:26 UTC
While modifying certain SQL array values, missing bounds checks let
authenticated database users write arbitrary bytes to a wide area of server
memory.

Comment 4 Mauro Matteo Cascella 2021-05-20 15:59:43 UTC
Created mingw-postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1962799]


Created postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1962798]


Created postgresql:10/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1962797]


Created postgresql:11/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1962796]


Created postgresql:12/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1962795]


Created postgresql:13/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1962800]


Created postgresql:9.6/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 1962794]

Comment 13 Mauro Matteo Cascella 2021-06-03 19:58:35 UTC
Upstream advisory:
https://www.postgresql.org/support/security/CVE-2021-32027/

Comment 15 errata-xmlrpc 2021-06-09 12:01:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2360 https://access.redhat.com/errata/RHSA-2021:2360

Comment 16 errata-xmlrpc 2021-06-09 12:13:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2361 https://access.redhat.com/errata/RHSA-2021:2361

Comment 17 Product Security DevOps Team 2021-06-09 15:03:56 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-32027

Comment 18 Product Security DevOps Team 2021-06-09 21:03:54 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-32027

Comment 19 errata-xmlrpc 2021-06-10 10:07:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2372 https://access.redhat.com/errata/RHSA-2021:2372

Comment 20 errata-xmlrpc 2021-06-10 11:20:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2375 https://access.redhat.com/errata/RHSA-2021:2375

Comment 21 errata-xmlrpc 2021-06-14 07:47:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:2392 https://access.redhat.com/errata/RHSA-2021:2392

Comment 22 errata-xmlrpc 2021-06-14 07:50:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:2393 https://access.redhat.com/errata/RHSA-2021:2393

Comment 23 errata-xmlrpc 2021-06-14 08:53:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2389 https://access.redhat.com/errata/RHSA-2021:2389

Comment 24 errata-xmlrpc 2021-06-14 08:54:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2391 https://access.redhat.com/errata/RHSA-2021:2391

Comment 25 errata-xmlrpc 2021-06-14 08:55:52 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2021:2395 https://access.redhat.com/errata/RHSA-2021:2395

Comment 26 errata-xmlrpc 2021-06-14 09:07:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2390 https://access.redhat.com/errata/RHSA-2021:2390

Comment 27 errata-xmlrpc 2021-06-14 09:17:30 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2021:2394 https://access.redhat.com/errata/RHSA-2021:2394

Comment 28 errata-xmlrpc 2021-06-14 09:25:51 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2021:2396 https://access.redhat.com/errata/RHSA-2021:2396

Comment 29 errata-xmlrpc 2021-06-14 09:35:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:2397 https://access.redhat.com/errata/RHSA-2021:2397