Bug 1185926 - (CVE-2021-32029) VUL-0: CVE-2021-32029: postgresql: Fix possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates
(CVE-2021-32029)
VUL-0: CVE-2021-32029: postgresql: Fix possibly-incorrect computation of UPDA...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/283994/
CVSSv3.1:SUSE:CVE-2021-32029:6.5:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-05-11 15:25 UTC by Gianluca Gabrielli
Modified: 2022-08-31 16:18 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Gianluca Gabrielli 2021-05-11 15:25:55 UTC
If an UPDATE for a partitioned table caused a row to be moved to
another partition with a physically different row type (for
example, one with a different set of dropped columns), computation
of RETURNING results for that row could produce errors or wrong
answers. No error is observed unless the UPDATE involves other
tables being joined to the target table.
Comment 4 Gianluca Gabrielli 2021-05-14 11:25:27 UTC
This is now public

https://www.postgresql.org/support/security/CVE-2021-32029/


Memory disclosure in partitioned-table UPDATE ... RETURNING

Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas typically cannot use this attack at will.
Comment 5 OBSbugzilla Bot 2021-05-14 14:20:09 UTC
This is an autogenerated message for OBS integration:
This bug (1185926) was mentioned in
https://build.opensuse.org/request/show/893133 Factory / postgresql11
https://build.opensuse.org/request/show/893134 Factory / postgresql12
https://build.opensuse.org/request/show/893135 Factory / postgresql13
Comment 6 Swamp Workflow Management 2021-05-27 19:21:31 UTC
SUSE-SU-2021:1784-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    postgresql13-13.3-3.9.2, postgresql13-13.3-3.9.3
SUSE Linux Enterprise Server 12-SP5 (src):    postgresql13-13.3-3.9.2, postgresql13-13.3-3.9.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2021-05-27 19:24:10 UTC
SUSE-SU-2021:1785-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    postgresql13-13.3-5.10.1
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    postgresql13-13.3-5.10.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src):    postgresql13-13.3-5.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    postgresql13-13.3-5.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    postgresql13-13.3-5.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2021-05-27 19:25:46 UTC
SUSE-SU-2021:1783-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1182040,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029,CVE-2021-3393
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    postgresql12-12.7-3.15.3
SUSE Linux Enterprise Server 12-SP5 (src):    postgresql12-12.7-3.15.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2021-06-17 16:18:31 UTC
SUSE-SU-2021:1994-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    postgresql12-12.7-8.20.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    postgresql12-12.7-8.20.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    postgresql12-12.7-8.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2021-07-10 10:26:16 UTC
openSUSE-SU-2021:1994-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    postgresql12-12.7-8.20.1
Comment 11 Swamp Workflow Management 2021-07-11 13:39:57 UTC
SUSE-SU-2021:1785-2: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    postgresql13-13.3-5.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2021-07-11 13:47:05 UTC
openSUSE-SU-2021:1785-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    postgresql13-13.3-5.10.1
Comment 13 Marcus Meissner 2021-08-11 14:42:14 UTC
done
Comment 19 Swamp Workflow Management 2022-08-31 16:18:25 UTC
SUSE-SU-2022:2958-1: An update that solves 8 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 1179945,1183168,1185924,1185925,1185926,1185952,1187751,1189748,1190740,1192516,1195680,1198166,1199475,1202368
CVE References: CVE-2021-23214,CVE-2021-23222,CVE-2021-32027,CVE-2021-32028,CVE-2021-32029,CVE-2021-3677,CVE-2022-1552,CVE-2022-2625
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    postgresql12-12.12-150100.3.33.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    postgresql12-12.12-150100.3.33.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    postgresql12-12.12-150100.3.33.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    postgresql12-12.12-150100.3.33.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    postgresql12-12.12-150100.3.33.1
SUSE Enterprise Storage 6 (src):    postgresql12-12.12-150100.3.33.1
SUSE CaaS Platform 4.0 (src):    postgresql12-12.12-150100.3.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.