postgresql:13 security update

エラータID: AXSA:2021-2338:01

Release date: 
Wednesday, August 11, 2021 - 12:27
Subject: 
postgresql:13 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (13.3).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)
* postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE (CVE-2021-32028)
* postgresql: Memory disclosure in partitioned-table UPDATE ... RETURNING (CVE-2021-32029)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-32028
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-32029
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Modularity name: postgresql
Stream name: 13

Solution: 

Update packages.

CVEs: 
CVE-2021-32027
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-32028
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-32029
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-1.5.0-1.module+el8+1284+800b8f56.src.rpm
    MD5: 4f04c765b757a2a7649cedd7ddea6b57
    SHA-256: 209f4d575e9f9b0ce952a42ee4df18b86ed0a71f6d0a2245eed780801c1a37d0
    Size: 42.62 kB
  2. postgres-decoderbufs-0.10.0-2.module+el8+1284+800b8f56.src.rpm
    MD5: cbaaafd77d464737732b595db0e4e0d2
    SHA-256: 536d9f4f108be8f5adda5816c8946df8b7d57c956dfbd3fbdcd223a1698ad439
    Size: 21.15 kB
  3. postgresql-13.3-1.module+el8+1284+800b8f56.src.rpm
    MD5: 2544767c719821d81d052365fdee7c0f
    SHA-256: 6e5c194a51c84052947ef8b64f819f77050c4d442a99a2f39d50fd6694246279
    Size: 47.56 MB

Asianux Server 8 for x86_64
  1. pgaudit-1.5.0-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 4cfd4cb3f33ed37ddb7015c2a97a6e99
    SHA-256: c1bf1704e0dd92261926c5266c911cbd5fd1c9acbffad4fb2b8ff24aae6f2c82
    Size: 27.03 kB
  2. pgaudit-debugsource-1.5.0-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 5373c8f647cd2a0eb4a3e35f09e65524
    SHA-256: dd36c322275185d7202455af3efc29c9a8c1d6596e3c93e4a59b1669525aedd5
    Size: 22.82 kB
  3. postgres-decoderbufs-0.10.0-2.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 459739d271298ccb496462a8e4df77b4
    SHA-256: 2ec089bc8bda0dd0f010f3f57fb000f1bb7944ca34b657acf1045c4c1351fd41
    Size: 21.90 kB
  4. postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 68454631de8522dc4f6d65b2e001d30b
    SHA-256: e7a2167842a01788ae16d3a8a0c49c845be65556aa9b9fce110ef2cef352b12b
    Size: 16.82 kB
  5. postgresql-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: b2ab04969362015d78773637cef5cbb6
    SHA-256: b8bbb6292aa2304ff52ed93a2f9c1eb50200664993e78ac778c8c4da76b1bba0
    Size: 1.53 MB
  6. postgresql-contrib-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 0480e7c60d3d9e077d5ec903eb2f0bcd
    SHA-256: cd010ec72032349f61902708d9bf8ff3c2b5245bde09795d2497ad0849b4c317
    Size: 874.30 kB
  7. postgresql-debugsource-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 3a8cea6475a9530fba4997f07f39c567
    SHA-256: b96f61d02f847fb1c032d7b19f55c7e309e5981375d04921b114389a8261ed9b
    Size: 17.53 MB
  8. postgresql-docs-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 05eff539a026914a76074240dd01dff2
    SHA-256: 0af027b6bc4b31926f22ed69c66898cc1c616f32042f3963aeae23621fc1017b
    Size: 9.54 MB
  9. postgresql-plperl-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 87f68902cc891183879d2eb5d7f51c65
    SHA-256: fe11d7918c169e689e0396989e4fa64b1455ace74a68772fc826da83d2c4fee0
    Size: 111.23 kB
  10. postgresql-plpython3-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 73a6edec2ce825c0096cd8d9ba83280e
    SHA-256: c0b62ae9dfabf3d88bc403d599ba2d1376ca7077658650c3c4c2a67ae4170663
    Size: 127.21 kB
  11. postgresql-pltcl-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 6038c735406ae1e02acd0751a33d220c
    SHA-256: cb26981b674dce444c947261bd85a567e0830bc253e4e19b90559eea40d40f8b
    Size: 84.12 kB
  12. postgresql-server-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 005c175c42640e167fe22bcc6506dcd6
    SHA-256: adea66cf674a0249dd3c0f2d9a876968e571db0e1be830a4f01834f8200748c9
    Size: 5.64 MB
  13. postgresql-server-devel-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 158398e6d777fb2c1e90ff65911b7bd0
    SHA-256: 3a77f19622ac2c5408211bc8acfc118c16cf9063cd647b6513b9cec13813418d
    Size: 1.18 MB
  14. postgresql-static-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 82bcd76b8931f17016e7c18e00ef7b9d
    SHA-256: 4315420a2473f5fb734b16cc66d10ded6d56a23877b74d42980f01cb9ace4b51
    Size: 188.29 kB
  15. postgresql-test-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 0aaf97e015aea380971493ce5debf02d
    SHA-256: da5c4d294bfb4c296a1c865a5ac3472bbaec351a56949d7616a5fc12c84eeca4
    Size: 1.99 MB
  16. postgresql-test-rpm-macros-13.3-1.module+el8+1284+800b8f56.noarch.rpm
    MD5: cf175ba930dd5c97d50741b07e3a05f8
    SHA-256: 636bc9069e3c5b71bbb8ad8332b93f643a7cd2414327aacb0be490eccec0eb4e
    Size: 51.73 kB
  17. postgresql-upgrade-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 37ab7359c393f3e53775d6679e8606f3
    SHA-256: ca2dd5cfd96d2aaca31e458202a96281a15a7fb05cdc0c842be2462b5b8aa3cd
    Size: 4.39 MB
  18. postgresql-upgrade-devel-13.3-1.module+el8+1284+800b8f56.x86_64.rpm
    MD5: 66d1296dd7a773d28f78ea288788a3e9
    SHA-256: fcdf2a42a63e8c83cc9b2c2a112524aa0277b574c471dab55be6983c89356a47
    Size: 1.10 MB