Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas typically cannot use this attack at will.
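As an added example (not part of this bug report or the PostgreSQL project), the following SQL audits the prerequisites named above on a server that has not yet received the fix: which login roles hold CREATE or TEMPORARY on a database, and CREATE on a schema. `mydb` is a placeholder database name.

```sql
-- Added example, not from the Red Hat bug or PostgreSQL itself.
-- Database level: any non-superuser login role with CREATE or TEMPORARY
-- on a non-template database meets the first prerequisite described above.
-- has_database_privilege() accounts for grants via PUBLIC and role membership.
SELECT d.datname,
       r.rolname,
       has_database_privilege(r.oid, d.oid, 'CREATE')    AS can_create,
       has_database_privilege(r.oid, d.oid, 'TEMPORARY') AS can_temp
FROM pg_database d
CROSS JOIN pg_roles r
WHERE NOT d.datistemplate
  AND r.rolcanlogin
  AND NOT r.rolsuper
  AND (has_database_privilege(r.oid, d.oid, 'CREATE')
       OR has_database_privilege(r.oid, d.oid, 'TEMPORARY'))
ORDER BY d.datname, r.rolname;

-- Schema level (run once per database): CREATE on any user schema.
SELECT n.nspname,
       r.rolname
FROM pg_namespace n
CROSS JOIN pg_roles r
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND n.nspname NOT LIKE 'pg\_%'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY n.nspname, r.rolname;

-- Interim hardening until the errata below are applied: withdraw the default
-- grants to PUBLIC so that ordinary roles no longer meet the prerequisites.
-- (mydb is a placeholder; repeat for each database.)
REVOKE CREATE, TEMPORARY ON DATABASE mydb FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

Rows returned by either query identify roles that the advisory text says can complete the attack at will; an empty result on both means the attack is limited to roles that already have those privileges explicitly.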
Created mingw-postgresql tracking bugs for this issue:
  Affects: fedora-all [bug 1962777]
Created postgresql tracking bugs for this issue:
  Affects: fedora-all [bug 1962776]
Created postgresql:11/postgresql tracking bugs for this issue:
  Affects: fedora-all [bug 1962775]
Created postgresql:12/postgresql tracking bugs for this issue:
  Affects: fedora-all [bug 1962778]
Created postgresql:13/postgresql tracking bugs for this issue:
  Affects: fedora-all [bug 1962779]
Upstream commits:
  https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3 [REL_13_STABLE]
  https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3fb93103a9fd5182f4f75d6da87dadcb3b36d7b1 [REL_12_STABLE]
  https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=27835b5476642d6a4eeb06e32095d29daeb9c585 [REL_11_STABLE]
  https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=d479d00285255d422a2b38f1cfaa35808968a08c [master]
  https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2602ee4689c7691196568c59656662acf3be4e87 [REL_13_STABLE]
  https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=05ce4bf8b1d45cc55762fab627ea91d1ffbbdc03 [REL_12_STABLE]
Upstream advisory: https://www.postgresql.org/support/security/CVE-2021-32029/
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2372 https://access.redhat.com/errata/RHSA-2021:2372
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2375 https://access.redhat.com/errata/RHSA-2021:2375
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-32029
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2389 https://access.redhat.com/errata/RHSA-2021:2389
This issue has been addressed in the following products:
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2021:2394 https://access.redhat.com/errata/RHSA-2021:2394
This issue has been addressed in the following products:
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2021:2396 https://access.redhat.com/errata/RHSA-2021:2396