MGASA-2021-0121
- Source
- https://advisories.mageia.org/MGASA-2021-0121.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0121.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2021-0121
- Related
- Published
- 2021-03-12T01:25:47Z
- Modified
- 2021-03-12T00:13:27Z
- Summary
- Updated postgresql packages fix security vulnerabilities
- Details
-
A user having an UPDATE privilege on a partitioned table but lacking the SELECT privilege on some column may be able to acquire denied-column values from an error message (CVE-2021-3393).
A user having a SELECT privilege on an individual column can craft a special query that returns all columns of the table. Additionally, a stored view that uses column-level privileges will have incomplete column-usage bitmaps. In installations that depend on column-level permissions for security, it is recommended to execute CREATE OR REPLACE on all user-defined views to force them to be re-parsed (CVE-2021-20229).
PostgreSQL 11 was only affected by CVE-2021-3393 and both PostgreSQL 11 and 13 were affected by CVE-2021-20229. PostgreSQL 9.6 was updated to fix bugs.
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / postgresql11
Package
- Name
- postgresql11
- Purl
- pkg:rpm/mageia/postgresql11?distro=mageia-8
Mageia:8 / postgresql13
Package
- Name
- postgresql13
- Purl
- pkg:rpm/mageia/postgresql13?distro=mageia-8
Mageia:7 / postgresql9.6
Package
- Name
- postgresql9.6
- Purl
- pkg:rpm/mageia/postgresql9.6?distro=mageia-7
Mageia:7 / postgresql11
Package
- Name
- postgresql11
- Purl
- pkg:rpm/mageia/postgresql11?distro=mageia-7