While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory.
Upstream fix: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=f02b9085ad2f6fefd9c5cdf85579cb9f0ff0f0ea [master] https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb [REL_13_STABLE] https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3b0f6a7ae5d812d9a70fc854d2e54d3657467e25 [REL_12_STABLE] https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=06bfbe85409177bff7bc5376fb5fdd7a324227c3 [REL_11_STABLE] https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2fb809d3e1927c0885ad80e18dd3a3aacd612b8b [REL_10_STABLE] https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=0c1caa48d3ccb7a5d1343b53aa32fcae45dc2d00 [REL9_6_STABLE]
Created mingw-postgresql tracking bugs for this issue: Affects: fedora-all [bug 1962799] Created postgresql tracking bugs for this issue: Affects: fedora-all [bug 1962798] Created postgresql:10/postgresql tracking bugs for this issue: Affects: fedora-all [bug 1962797] Created postgresql:11/postgresql tracking bugs for this issue: Affects: fedora-all [bug 1962796] Created postgresql:12/postgresql tracking bugs for this issue: Affects: fedora-all [bug 1962795] Created postgresql:13/postgresql tracking bugs for this issue: Affects: fedora-all [bug 1962800] Created postgresql:9.6/postgresql tracking bugs for this issue: Affects: fedora-all [bug 1962794]
Upstream advisory: https://www.postgresql.org/support/security/CVE-2021-32027/
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2360 https://access.redhat.com/errata/RHSA-2021:2360
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2361 https://access.redhat.com/errata/RHSA-2021:2361
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-32027
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2372 https://access.redhat.com/errata/RHSA-2021:2372
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:2375 https://access.redhat.com/errata/RHSA-2021:2375
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2392 https://access.redhat.com/errata/RHSA-2021:2392
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2393 https://access.redhat.com/errata/RHSA-2021:2393
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2389 https://access.redhat.com/errata/RHSA-2021:2389
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2391 https://access.redhat.com/errata/RHSA-2021:2391
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:2395 https://access.redhat.com/errata/RHSA-2021:2395
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2390 https://access.redhat.com/errata/RHSA-2021:2390
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:2394 https://access.redhat.com/errata/RHSA-2021:2394
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:2396 https://access.redhat.com/errata/RHSA-2021:2396
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:2397 https://access.redhat.com/errata/RHSA-2021:2397