Bugzilla – Bug 1185925
VUL-0: CVE-2021-32028: postgresql: Fix mishandling of “junk” columns in INSERT ... ON CONFLICT ... UPDATE target lists
Last modified: 2021-11-11 18:47:24 UTC
If the UPDATE list contains any multi-column sub-selects (which give rise to junk columns in addition to the results proper), the UPDATE path would end up storing tuples that include the values of the extra junk columns. That's fairly harmless in the short run, but if new columns are added to the table then the values would become accessible, possibly leading to malfunctions if they don't match the datatypes of the added columns. In addition, in versions supporting cross-partition updates, a cross-partition update triggered by such a case had the reverse problem: the junk columns were removed from the target list, typically causing an immediate crash due to malfunction of the multi-column sub-select mechanism.
This is now public https://www.postgresql.org/support/security/CVE-2021-32028/ Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas cannot use this attack at will.
Upstream patch: https://github.com/postgres/postgres/commit/049e1e2edb06854d7cd9460c22516efaa165fbf8.patch
This is an autogenerated message for OBS integration: This bug (1185925) was mentioned in https://build.opensuse.org/request/show/893131 Factory / postgresql96 https://build.opensuse.org/request/show/893132 Factory / postgresql10 https://build.opensuse.org/request/show/893133 Factory / postgresql11 https://build.opensuse.org/request/show/893134 Factory / postgresql12 https://build.opensuse.org/request/show/893135 Factory / postgresql13
SUSE-SU-2021:1782-1: An update that solves two vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1179945,1183118,1183168,1185924,1185925 CVE References: CVE-2021-32027,CVE-2021-32028 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): postgresql10-10.17-4.16.4 SUSE Linux Enterprise Server 12-SP5 (src): postgresql10-10.17-4.16.4 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1784-1: An update that solves three vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1179945,1183118,1183168,1185924,1185925,1185926 CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): postgresql13-13.3-3.9.2, postgresql13-13.3-3.9.3 SUSE Linux Enterprise Server 12-SP5 (src): postgresql13-13.3-3.9.2, postgresql13-13.3-3.9.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1785-1: An update that solves three vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1179945,1183118,1183168,1185924,1185925,1185926 CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029 JIRA References: Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): postgresql13-13.3-5.10.1 SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): postgresql13-13.3-5.10.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): postgresql13-13.3-5.10.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): postgresql13-13.3-5.10.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): postgresql13-13.3-5.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1783-1: An update that solves four vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1179945,1182040,1183118,1183168,1185924,1185925,1185926 CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029,CVE-2021-3393 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): postgresql12-12.7-3.15.3 SUSE Linux Enterprise Server 12-SP5 (src): postgresql12-12.7-3.15.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1970-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1183168,1185924,1185925 CVE References: CVE-2021-32027,CVE-2021-32028 JIRA References: Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): postgresql10-10.17-8.35.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): postgresql10-10.17-8.35.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): postgresql10-10.17-8.35.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1994-1: An update that solves three vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1179945,1183118,1183168,1185924,1185925,1185926 CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029 JIRA References: Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): postgresql12-12.7-8.20.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): postgresql12-12.7-8.20.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): postgresql12-12.7-8.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0894-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1183168,1185924,1185925 CVE References: CVE-2021-32027,CVE-2021-32028 JIRA References: Sources used: openSUSE Leap 15.2 (src): postgresql10-10.17-lp152.2.21.1
openSUSE-SU-2021:1994-1: An update that solves three vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1179945,1183118,1183168,1185924,1185925,1185926 CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029 JIRA References: Sources used: openSUSE Leap 15.3 (src): postgresql12-12.7-8.20.1
openSUSE-SU-2021:1970-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1183168,1185924,1185925 CVE References: CVE-2021-32027,CVE-2021-32028 JIRA References: Sources used: openSUSE Leap 15.3 (src): postgresql10-10.17-8.35.1
SUSE-SU-2021:1785-2: An update that solves three vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1179945,1183118,1183168,1185924,1185925,1185926 CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029 JIRA References: Sources used: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): postgresql13-13.3-5.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1785-1: An update that solves three vulnerabilities and has three fixes is now available. Category: security (moderate) Bug References: 1179945,1183118,1183168,1185924,1185925,1185926 CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029 JIRA References: Sources used: openSUSE Leap 15.3 (src): postgresql13-13.3-5.10.1
done
SUSE-SU-2021:2777-1: An update that solves two vulnerabilities and has four fixes is now available. Category: security (moderate) Bug References: 1179765,1179945,1183118,1183168,1185924,1185925 CVE References: CVE-2021-32027,CVE-2021-32028 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): postgresql10-10.17-4.35.1 SUSE Linux Enterprise Server 15-LTSS (src): postgresql10-10.17-4.35.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): postgresql10-10.17-4.35.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): postgresql10-10.17-4.35.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3481-1: An update that solves two vulnerabilities and has 8 fixes is now available. Category: security (important) Bug References: 1178961,1179765,1179945,1183118,1183168,1185924,1185925,1185952,1187751,1190177 CVE References: CVE-2021-32027,CVE-2021-32028 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): postgresql10-10.18-4.19.6 SUSE OpenStack Cloud Crowbar 8 (src): postgresql10-10.18-4.19.6 SUSE OpenStack Cloud 9 (src): postgresql10-10.18-4.19.6 SUSE OpenStack Cloud 8 (src): postgresql10-10.18-4.19.6 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): postgresql10-10.18-4.19.6 SUSE Linux Enterprise Server for SAP 12-SP4 (src): postgresql10-10.18-4.19.6 SUSE Linux Enterprise Server for SAP 12-SP3 (src): postgresql10-10.18-4.19.6 SUSE Linux Enterprise Server 12-SP5 (src): postgresql10-10.18-4.19.6 SUSE Linux Enterprise Server 12-SP4-LTSS (src): postgresql10-10.18-4.19.6 SUSE Linux Enterprise Server 12-SP3-LTSS (src): postgresql10-10.18-4.19.6 SUSE Linux Enterprise Server 12-SP3-BCL (src): postgresql10-10.18-4.19.6 SUSE Linux Enterprise Server 12-SP2-BCL (src): postgresql10-10.18-4.19.6 HPE Helion Openstack 8 (src): postgresql10-10.18-4.19.6 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.