Main Vulnerability Database SB2021111931

SB2021111931 - openEuler update for postgresql

Published: November 19, 2021

Security Bulletin ID SB2021111931

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2021-32028)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due memory leak within the INSERT ... ON CONFLICT ... DO UPDATE command implementation. A remote authenticated database user can execute the affected command to read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1439

Vulnerable Software

openEuler: 20.03 LTS SP1 - 20.03 LTS SP2
postgresql-debugsource: before 10.5-22
postgresql-plpython3: before 10.5-22
postgresql-server: before 10.5-22
postgresql-test-rpm-macros: before 10.5-22
postgresql-pltcl: before 10.5-22
postgresql-help: before 10.5-22
postgresql-devel: before 10.5-22
postgresql-debuginfo: before 10.5-22
postgresql-test: before 10.5-22
postgresql-libs: before 10.5-22
postgresql-plperl: before 10.5-22
postgresql-contrib: before 10.5-22
postgresql-static: before 10.5-22
postgresql: before 10.5-22

SB2021111931 - openEuler update for postgresql

Breakdown by Severity

Description

Remediation

References

Please verify you're human