CVE-2021-32029

Published: 13 May 2021

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
postgresql-10
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-12
Launchpad, Ubuntu, Debian
Upstream
Released (12.7)
Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa)
Released (12.7-0ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-13
Launchpad, Ubuntu, Debian
Upstream
Released (13.3)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(13.3-1)
Ubuntu 21.04 (Hirsute Hippo)
Released (13.3-0ubuntu0.21.04.1)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-9.1
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

postgresql-9.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Deferred
(2019-08-23)
postgresql-9.5
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
leosilva
PostgreSQL 9.1 is end of life upstream, and no updates are
are available. Marking as ignored in precise.
PostgreSQL 9.3 is end of life upstream, and no updates are
are available. Marking as deferred in -esm-main releases.
avital
Affects versions 11 - 13

References