This bug was fixed in the package postgresql-10 - 10.18-0ubuntu0.18.04.1
---------------
postgresql-10 (10.18-0ubuntu0.18.04.1) bionic-security; urgency=medium
* New upstream version (LP: #1939396).
+ Disallow SSL renegotiation more completely (Michael Paquier)
SSL renegotiation has been disabled for some time, but the server
would still cooperate with a client-initiated renegotiation request.
A maliciously crafted renegotiation request could result in a server
crash (see OpenSSL issue CVE-2021-3449). Disable the feature
altogether on OpenSSL versions that permit doing so, which are
1.1.0h and newer.
(CVE-2021-3449)
+ Details about these and many further changes can be found at:
https://www.postgresql.org/docs/10/release-10-18.html
+ d/p/reproducible-bki: refreshed for 10.18
-- Christian Ehrhardt <[email protected]> Tue, 10 Aug
2021 14:18:35 +0200
** Changed in: postgresql-10 (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3449
** Changed in: postgresql-12 (Ubuntu Focal)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1939396
Title:
New upstream microreleases 10.18 12.8 13.4
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-12/+bug/1939396/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
