Advisories » MGASA-2021-0221

Updated postgresql packages fix security vulnerabilities

Publication date: 23 May 2021
Modification date: 23 May 2021
Type: security
Affected Mageia releases : 7 , 8
CVE: CVE-2021-32027 , CVE-2021-32029 , CVE-2021-32029

Description

Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027).

Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE. (CVE-2021-32028).

Memory disclosure in partitioned-table UPDATE ... RETURNING. (CVE-2021-32029).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28929
• https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
• https://www.cve.org/CVERecord?id=CVE-2021-32027
• https://www.cve.org/CVERecord?id=CVE-2021-32029
• https://www.cve.org/CVERecord?id=CVE-2021-32029

SRPMS

7/core

• postgresql9.6-9.6.22-1.mga7
• postgresql11-11.12-1.mga7

8/core

• postgresql11-11.12-1.mga8
• postgresql13-13.3-1.mga8