[ubuntu/focal-security] postgresql-12 12.8-0ubuntu0.20.04.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Aug 12 17:11:25 UTC 2021


postgresql-12 (12.8-0ubuntu0.20.04.1) focal-security; urgency=medium

  * New upstream version (LP: #1939396).

    + Disallow SSL renegotiation more completely (Michael Paquier)

      SSL renegotiation has been disabled for some time, but the server
      would still cooperate with a client-initiated renegotiation request.
      A maliciously crafted renegotiation request could result in a server
      crash (see OpenSSL issue CVE-2021-3449).  Disable the feature
      altogether on OpenSSL versions that permit doing so, which are
      1.1.0h and newer.
      (CVE-2021-3449)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/12/release-12-8.html

Date: 2021-08-12 11:11:27.176323+00:00
Changed-By: Christian Ehrhardt  <christian.ehrhardt at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-12/12.8-0ubuntu0.20.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list