Ubuntu
postgresql-12 package

  1. Bug #1950268
  2. Comment #13

Comment 13 for bug 1950268

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-13 - 13.5-0ubuntu0.21.04.1

---------------
postgresql-13 (13.5-0ubuntu0.21.04.1) hirsute-security; urgency=medium

  * New upstream version (LP: #1950268).

    + Make the server reject extraneous data after an SSL or GSS
      encryption handshake
      CVE-2021-23214

    + Make libpq reject extraneous data after an SSL or GSS
      encryption handshake
      CVE-2021-23222

    + A dump/restore is not required for those running 13.X.

    + However, note that installations using physical replication should
      update standby servers before the primary server, details in the
      release notes linked below.

    + Also, several bugs have been found that may have resulted in corrupted
      indexes, explained in detail in the release notes linked below. If any
      of those cases apply to you, it's recommended to reindex
      possibly-affected indexes after updating.

    + Also, if you are upgrading from a version earlier than 13.2,
      see those release notes as well please.

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/13/release-13-5.html

 -- Christian Ehrhardt <email address hidden> Tue, 09 Nov 2021 09:39:54 +0100