[ubuntu/focal-security] postgresql-12 12.8-0ubuntu0.20.04.1 (Accepted)
marc.deslauriers at canonical.com
Thu Aug 12 17:11:25 UTC 2021
postgresql-12 (12.8-0ubuntu0.20.04.1) focal-security; urgency=medium
* New upstream version (LP: #1939396).
+ Disallow SSL renegotiation more completely (Michael Paquier)
SSL renegotiation has been disabled for some time, but the server
would still cooperate with a client-initiated renegotiation request.
A maliciously crafted renegotiation request could result in a server
crash (see OpenSSL issue CVE-2021-3449). Disable the feature
altogether on OpenSSL versions that permit doing so, which are
1.1.0h and newer.
+ Details about these and many further changes can be found at:
Date: 2021-08-12 11:11:27.176323+00:00
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes