This bug was fixed in the package postgresql-10 - 10.19-0ubuntu0.18.04.1
---------------
postgresql-10 (10.19-0ubuntu0.18.04.1) bionic-security; urgency=medium
* New upstream version (LP: #1950268).
+ Make the server reject extraneous data after an SSL or GSS
encryption handshake
CVE-2021-23214
+ Make libpq reject extraneous data after an SSL or GSS
encryption handshake
CVE-2021-23222
+ A dump/restore is not required for those running 10.X.
+ However, note that installations using physical replication should
update standby servers before the primary server, details in the
release notes linked below.
+ Also, several bugs have been found that may have resulted in corrupted
indexes, explained in detail in the release notes linked below. If any
of those cases apply to you, it's recommended to reindex
possibly-affected indexes after updating.
+ Also, if you are upgrading from a version earlier than 10.16,
see those release notes as well please.
+ Details about these and many further changes can be found at:
https://www.postgresql.org/docs/10/release-10-19.html
-- Christian Ehrhardt <[email protected]> Tue, 09 Nov
2021 09:39:50 +0100
** Changed in: postgresql-10 (Ubuntu Bionic)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23214
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23222
** Changed in: postgresql-12 (Ubuntu Focal)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950268
Title:
New upstream microreleases 10.19 12.9 13.5, 14.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-10/+bug/1950268/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
