Updated postgresql packages fix security vulnerabilities

2021-05-2321:45:17

Gentoo Foundation

advisories.mageia.org

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.4%

JSON

Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027). Memory disclosure in INSERT … ON CONFLICT … DO UPDATE. (CVE-2021-32028). Memory disclosure in partitioned-table UPDATE … RETURNING. (CVE-2021-32029).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchpostgresql9.6< 9.6.22-1postgresql9.6-9.6.22-1.mga7
Mageia7noarchpostgresql11< 11.12-1postgresql11-11.12-1.mga7
Mageia8noarchpostgresql11< 11.12-1postgresql11-11.12-1.mga8
Mageia8noarchpostgresql13< 13.3-1postgresql13-13.3-1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	postgresql9.6	< 9.6.22-1	postgresql9.6-9.6.22-1.mga7
Mageia	7	noarch	postgresql11	< 11.12-1	postgresql11-11.12-1.mga7
Mageia	8	noarch	postgresql11	< 11.12-1	postgresql11-11.12-1.mga8
Mageia	8	noarch	postgresql13	< 13.3-1	postgresql13-13.3-1.mga8