Ubuntu
postgresql-13 package

  1. Hirsute (21.04)
  2. Bug #1939396
  3. Comment #12

Comment 12 for bug 1939396

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-10 - 10.18-0ubuntu0.18.04.1

---------------
postgresql-10 (10.18-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * New upstream version (LP: #1939396).

    + Disallow SSL renegotiation more completely (Michael Paquier)

      SSL renegotiation has been disabled for some time, but the server
      would still cooperate with a client-initiated renegotiation request.
      A maliciously crafted renegotiation request could result in a server
      crash (see OpenSSL issue CVE-2021-3449). Disable the feature
      altogether on OpenSSL versions that permit doing so, which are
      1.1.0h and newer.
      (CVE-2021-3449)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/10/release-10-18.html

    + d/p/reproducible-bki: refreshed for 10.18

 -- Christian Ehrhardt <email address hidden> Tue, 10 Aug 2021 14:18:35 +0200