{"id":"MGASA-2021-0121","summary":"Updated postgresql packages fix security vulnerabilities","details":"A user having an UPDATE privilege on a partitioned table but lacking the SELECT\nprivilege on some column may be able to acquire denied-column values from an\nerror message (CVE-2021-3393).\n\nA user having a SELECT privilege on an individual column can craft a special\nquery that returns all columns of the table. Additionally, a stored view that\nuses column-level privileges will have incomplete column-usage bitmaps. In\ninstallations that depend on column-level permissions for security, it is\nrecommended to execute CREATE OR REPLACE on all user-defined views to force\nthem to be re-parsed (CVE-2021-20229).\n\nPostgreSQL 11 was only affected by CVE-2021-3393 and both PostgreSQL 11 and 13\nwere affected by CVE-2021-20229.  PostgreSQL 9.6 was updated to fix bugs.\n","modified":"2026-04-16T04:44:06.627542613Z","published":"2021-03-12T01:25:47Z","upstream":["CVE-2021-20229","CVE-2021-3393"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0121.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28373"},{"type":"WEB","url":"https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/"}],"affected":[{"package":{"name":"postgresql9.6","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/postgresql9.6?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.6.21-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0121.json"}},{"package":{"name":"postgresql11","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/postgresql11?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.11-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0121.json"}},{"package":{"name":"postgresql11","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/postgresql11?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"11.11-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0121.json"}},{"package":{"name":"postgresql13","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/postgresql13?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.2-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0121.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}