Bug 1956876 (CVE-2021-32027)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2021-32027 postgresql: Buffer overrun from integer overflow in array subscripting calculations | | |
| Product | [Other] Security Response | Reporter | Michael Kaplan <mkaplan> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA | QA Contact | |
| Severity | high | Docs Contact | |
| Priority | high | | |
| Version | unspecified | CC | aboyko, aileenc, akoufoud, alazarot, almorale, anon.amish, anstephe, asoldano, atangrin, avibelli, bbaranow, bgeorges, bmaxwell, brian.stansberry, cdewolf, chazlett, clement.escoffier, dandread, darran.lofthouse, databases-maint, devrim, dkreling, dosoudil, drieden, eleandro, etirelli, fjanus, fjuma, ggaughan, gmalinko, gsmet, hamadhan, hhorak, ibek, iweiss, janstey, jmlich83, jochrist, jorton, jpallich, jperkins, jstastny, jwon, kaycoth, krathod, kverlaen, kwills, lgao, lthon, mcascell, mike, mnovotny, msochure, msvehla, mszynkie, nwallace, panovotn, peholase, pgallagh, pjindal, pkubat, pmackay, praiskup, probinso, rguimara, rrajasek, rruss, rstancel, rsvoboda, sbiarozk, sdouglas, security-response-team, smaestri, tgl, tom.jenkinson, tzimanyi, yborgess |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | postgresql 13.3, postgresql 12.7, postgresql 11.12, postgresql 10.17, postgresql 9.6.22 | Doc Type | If docs needed, set a value |
| Doc Text | A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | | |
| Story Points | --- | | |
| Clone Of | | Environment | |
| Last Closed | 2021-06-09 15:03:56 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 1962794, 1962795, 1962796, 1962797, 1962798, 1962799, 1962800, 1963687, 1963688, 1963689, 1964497, 1964500, 1964501, 1964502, 1964503, 1964507, 1964508, 1964509, 1964510, 1964511, 1964514, 1964515, 1964516, 1964517, 1964518, 1964519, 1964520, 1964521, 1966334, 1966335, 1966336, 1966337, 1966338, 1966339 | | |
| Bug Blocks | 1956885, 1956886 | | |
Description

Michael Kaplan
2021-05-04 15:13:26 UTC

Upstream fix:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=f02b9085ad2f6fefd9c5cdf85579cb9f0ff0f0ea [master]
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb [REL_13_STABLE]
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3b0f6a7ae5d812d9a70fc854d2e54d3657467e25 [REL_12_STABLE]
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=06bfbe85409177bff7bc5376fb5fdd7a324227c3 [REL_11_STABLE]
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2fb809d3e1927c0885ad80e18dd3a3aacd612b8b [REL_10_STABLE]
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=0c1caa48d3ccb7a5d1343b53aa32fcae45dc2d00 [REL9_6_STABLE]

Created mingw-postgresql tracking bugs for this issue:
Affects: fedora-all [bug 1962799]

Created postgresql tracking bugs for this issue:
Affects: fedora-all [bug 1962798]

Created postgresql:10/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 1962797]

Created postgresql:11/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 1962796]

Created postgresql:12/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 1962795]

Created postgresql:13/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 1962800]

Created postgresql:9.6/postgresql tracking bugs for this issue:
Affects: fedora-all [bug 1962794]

Upstream advisory: https://www.postgresql.org/support/security/CVE-2021-32027/

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:2360 https://access.redhat.com/errata/RHSA-2021:2360

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:2361 https://access.redhat.com/errata/RHSA-2021:2361

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-32027

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:2372 https://access.redhat.com/errata/RHSA-2021:2372

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:2375 https://access.redhat.com/errata/RHSA-2021:2375

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.1 Extended Update Support
Via RHSA-2021:2392 https://access.redhat.com/errata/RHSA-2021:2392

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.1 Extended Update Support
Via RHSA-2021:2393 https://access.redhat.com/errata/RHSA-2021:2393

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Extended Update Support
Via RHSA-2021:2389 https://access.redhat.com/errata/RHSA-2021:2389

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Extended Update Support
Via RHSA-2021:2391 https://access.redhat.com/errata/RHSA-2021:2391

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2021:2395 https://access.redhat.com/errata/RHSA-2021:2395

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Extended Update Support
Via RHSA-2021:2390 https://access.redhat.com/errata/RHSA-2021:2390

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2021:2394 https://access.redhat.com/errata/RHSA-2021:2394

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2021:2396 https://access.redhat.com/errata/RHSA-2021:2396

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2021:2397 https://access.redhat.com/errata/RHSA-2021:2397