Bug 1185925 - (CVE-2021-32028) VUL-0: CVE-2021-32028: postgresql: Fix mishandling of “junk” columns in INSERT ... ON CONFLICT ... UPDATE target lists
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/283993/
CVSSv3.1:SUSE:CVE-2021-32028:6.5:(AV:...
Reported: 2021-05-11 15:23 UTC by Gianluca Gabrielli
Modified: 2021-11-11 18:47 UTC (History)
Description Gianluca Gabrielli 2021-05-11 15:23:52 UTC
If the UPDATE list contains any multi-column sub-selects (which
give rise to junk columns in addition to the results proper), the
UPDATE path would end up storing tuples that include the values of
the extra junk columns. That's fairly harmless in the short run,
but if new columns are added to the table then the values would
become accessible, possibly leading to malfunctions if they don't
match the datatypes of the added columns.

In addition, in versions supporting cross-partition updates, a
cross-partition update triggered by such a case had the reverse
problem: the junk columns were removed from the target list,
typically causing an immediate crash due to malfunction of the
multi-column sub-select mechanism.
Comment 4 Gianluca Gabrielli 2021-05-14 11:24:20 UTC
This is now public

https://www.postgresql.org/support/security/CVE-2021-32028/


Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE

Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas cannot use this attack at will.
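A privilege audit for the precondition named in the advisory text quoted in Comment 4, as an added example that is not part of the bug report or of the PostgreSQL advisory. It lists the non-superuser login roles that still hold the CREATE or TEMPORARY privileges the advisory mentions; the database name `appdb` in the commented REVOKE statements is a placeholder.

```sql
-- Added example: audit of the privileges named in the CVE-2021-32028 advisory.
-- Run as a superuser. Query 1 is cluster-wide; query 2 covers only the
-- database you are connected to, so repeat it in each database.

-- 1. Non-superuser login roles holding CREATE or TEMPORARY on a database.
--    has_database_privilege() includes grants to PUBLIC and to member roles.
SELECT r.rolname,
       d.datname,
       has_database_privilege(r.oid, d.oid, 'CREATE')    AS db_create,
       has_database_privilege(r.oid, d.oid, 'TEMPORARY') AS db_temporary
FROM pg_roles r
CROSS JOIN pg_database d
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND d.datallowconn
  AND (has_database_privilege(r.oid, d.oid, 'CREATE')
       OR has_database_privilege(r.oid, d.oid, 'TEMPORARY'))
ORDER BY r.rolname, d.datname;

-- 2. The same roles holding CREATE on a schema of the current database.
--    System schemas (pg_*, information_schema) are skipped.
SELECT r.rolname,
       n.nspname
FROM pg_roles r
CROSS JOIN pg_namespace n
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY r.rolname, n.nspname;

-- 3. Server version, to compare with the fixed package versions listed in
--    the update notices on this page (10.17, 12.7, 13.3).
SHOW server_version;

-- Interim hardening until the update is installed. "appdb" is a placeholder
-- database name (assumption); TEMPORARY is granted to PUBLIC by default.
-- REVOKE TEMPORARY ON DATABASE appdb FROM PUBLIC;
-- REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

Any row returned by queries 1 or 2 is a role that meets the advisory's precondition on an unpatched server; database and schema owners appear because ownership implies CREATE.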
Comment 6 OBSbugzilla Bot 2021-05-14 14:20:07 UTC
This is an autogenerated message for OBS integration:
This bug (1185925) was mentioned in
https://build.opensuse.org/request/show/893131 Factory / postgresql96
https://build.opensuse.org/request/show/893132 Factory / postgresql10
https://build.opensuse.org/request/show/893133 Factory / postgresql11
https://build.opensuse.org/request/show/893134 Factory / postgresql12
https://build.opensuse.org/request/show/893135 Factory / postgresql13
Comment 7 Swamp Workflow Management 2021-05-27 19:16:30 UTC
SUSE-SU-2021:1782-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925
CVE References: CVE-2021-32027,CVE-2021-32028
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    postgresql10-10.17-4.16.4
SUSE Linux Enterprise Server 12-SP5 (src):    postgresql10-10.17-4.16.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2021-05-27 19:21:27 UTC
SUSE-SU-2021:1784-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    postgresql13-13.3-3.9.2, postgresql13-13.3-3.9.3
SUSE Linux Enterprise Server 12-SP5 (src):    postgresql13-13.3-3.9.2, postgresql13-13.3-3.9.3

Comment 9 Swamp Workflow Management 2021-05-27 19:24:05 UTC
SUSE-SU-2021:1785-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    postgresql13-13.3-5.10.1
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    postgresql13-13.3-5.10.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src):    postgresql13-13.3-5.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    postgresql13-13.3-5.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    postgresql13-13.3-5.10.1

Comment 10 Swamp Workflow Management 2021-05-27 19:25:41 UTC
SUSE-SU-2021:1783-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1182040,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029,CVE-2021-3393
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    postgresql12-12.7-3.15.3
SUSE Linux Enterprise Server 12-SP5 (src):    postgresql12-12.7-3.15.3

Comment 11 Swamp Workflow Management 2021-06-14 19:18:17 UTC
SUSE-SU-2021:1970-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1183168,1185924,1185925
CVE References: CVE-2021-32027,CVE-2021-32028
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    postgresql10-10.17-8.35.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    postgresql10-10.17-8.35.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    postgresql10-10.17-8.35.1

Comment 12 Swamp Workflow Management 2021-06-17 16:18:25 UTC
SUSE-SU-2021:1994-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    postgresql12-12.7-8.20.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    postgresql12-12.7-8.20.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    postgresql12-12.7-8.20.1

Comment 13 Swamp Workflow Management 2021-06-18 01:17:43 UTC
openSUSE-SU-2021:0894-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1183168,1185924,1185925
CVE References: CVE-2021-32027,CVE-2021-32028
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    postgresql10-10.17-lp152.2.21.1
Comment 14 Swamp Workflow Management 2021-07-10 10:26:09 UTC
openSUSE-SU-2021:1994-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    postgresql12-12.7-8.20.1
Comment 15 Swamp Workflow Management 2021-07-10 22:30:07 UTC
openSUSE-SU-2021:1970-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1183168,1185924,1185925
CVE References: CVE-2021-32027,CVE-2021-32028
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    postgresql10-10.17-8.35.1
Comment 16 Swamp Workflow Management 2021-07-11 13:39:50 UTC
SUSE-SU-2021:1785-2: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    postgresql13-13.3-5.10.1

Comment 17 Swamp Workflow Management 2021-07-11 13:46:58 UTC
openSUSE-SU-2021:1785-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1179945,1183118,1183168,1185924,1185925,1185926
CVE References: CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    postgresql13-13.3-5.10.1
Comment 18 Marcus Meissner 2021-08-11 15:26:41 UTC
done
Comment 19 Swamp Workflow Management 2021-08-19 16:28:41 UTC
SUSE-SU-2021:2777-1: An update that solves two vulnerabilities and has four fixes is now available.

Category: security (moderate)
Bug References: 1179765,1179945,1183118,1183168,1185924,1185925
CVE References: CVE-2021-32027,CVE-2021-32028
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    postgresql10-10.17-4.35.1
SUSE Linux Enterprise Server 15-LTSS (src):    postgresql10-10.17-4.35.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    postgresql10-10.17-4.35.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    postgresql10-10.17-4.35.1

Comment 22 Swamp Workflow Management 2021-10-20 16:20:54 UTC
SUSE-SU-2021:3481-1: An update that solves two vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1178961,1179765,1179945,1183118,1183168,1185924,1185925,1185952,1187751,1190177
CVE References: CVE-2021-32027,CVE-2021-32028
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    postgresql10-10.18-4.19.6
SUSE OpenStack Cloud Crowbar 8 (src):    postgresql10-10.18-4.19.6
SUSE OpenStack Cloud 9 (src):    postgresql10-10.18-4.19.6
SUSE OpenStack Cloud 8 (src):    postgresql10-10.18-4.19.6
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    postgresql10-10.18-4.19.6
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    postgresql10-10.18-4.19.6
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    postgresql10-10.18-4.19.6
SUSE Linux Enterprise Server 12-SP5 (src):    postgresql10-10.18-4.19.6
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    postgresql10-10.18-4.19.6
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    postgresql10-10.18-4.19.6
SUSE Linux Enterprise Server 12-SP3-BCL (src):    postgresql10-10.18-4.19.6
SUSE Linux Enterprise Server 12-SP2-BCL (src):    postgresql10-10.18-4.19.6
HPE Helion Openstack 8 (src):    postgresql10-10.18-4.19.6
