ArchLinux: 202106-15: postgresql: multiple issues | LinuxSecurity.com

Advisories

Arch Linux Security Advisory ASA-202106-15
==========================================

Severity: Medium
Date    : 2021-06-01
CVE-ID  : CVE-2021-32027 CVE-2021-32028 CVE-2021-32029
Package : postgresql
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1956

Summary
=======

The package postgresql before version 13.3-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.

Resolution
==========

Upgrade to 13.3-1.

# pacman -Syu "postgresql>=13.3-1"

The problems have been fixed upstream in version 13.3.

Workaround
==========

None.

Description
===========

- CVE-2021-32027 (arbitrary code execution)

A security issue was found in PostgreSQL before version 13.3. While
modifying certain SQL array values, missing bounds checks let
authenticated database users write arbitrary bytes to a wide area of
server memory.

- CVE-2021-32028 (information disclosure)

A security issue was found in PostgreSQL before version 13.3. Using an
INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted
table, an attacker can read arbitrary bytes of server memory. In the
default configuration, any authenticated database user can create
prerequisite objects and complete this attack at will. A user lacking
the CREATE and TEMPORARY privileges on all databases and the CREATE
privilege on all schemas cannot use this attack at will.

- CVE-2021-32029 (information disclosure)

A security issue was found in PostgreSQL before version 13.3. Using an
UPDATE ... RETURNING on a purpose-crafted partitioned table, an
attacker can read arbitrary bytes of server memory. In the default
configuration, any authenticated database user can create prerequisite
objects and complete this attack at will. A user lacking the CREATE and
TEMPORARY privileges on all databases and the CREATE privilege on all
schemas typically cannot use this attack at will.

Impact
======

An authenticated remote attacker could read the database server memory
or execute arbitrary code on the server.

References
==========

https://www.postgresql.org/support/security/CVE-2021-32027/
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=467395bfdf33f1ccf67ca388ffdcc927271544cb
https://www.postgresql.org/support/security/CVE-2021-32028/
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f
https://www.postgresql.org/support/security/CVE-2021-32029/
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3
https://security.archlinux.org/CVE-2021-32027
https://security.archlinux.org/CVE-2021-32028
https://security.archlinux.org/CVE-2021-32029

ArchLinux: 202106-15: postgresql: multiple issues

June 3, 2021
The package postgresql before version 13.3-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure

Summary

- CVE-2021-32027 (arbitrary code execution)
A security issue was found in PostgreSQL before version 13.3. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory.
- CVE-2021-32028 (information disclosure)
A security issue was found in PostgreSQL before version 13.3. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas cannot use this attack at will.
- CVE-2021-32029 (information disclosure)
A security issue was found in PostgreSQL before version 13.3. Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas typically cannot use this attack at will.

Resolution

Upgrade to 13.3-1.
# pacman -Syu "postgresql>=13.3-1"
The problems have been fixed upstream in version 13.3.

References

https://www.postgresql.org/support/security/CVE-2021-32027/ https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=467395bfdf33f1ccf67ca388ffdcc927271544cb https://www.postgresql.org/support/security/CVE-2021-32028/ https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f https://www.postgresql.org/support/security/CVE-2021-32029/ https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3 https://security.archlinux.org/CVE-2021-32027 https://security.archlinux.org/CVE-2021-32028 https://security.archlinux.org/CVE-2021-32029

Severity
CVE-ID : CVE-2021-32027 CVE-2021-32028 CVE-2021-32029
Package : postgresql
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1956

Impact

An authenticated remote attacker could read the database server memory or execute arbitrary code on the server.

Workaround

None.

Related News

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.