[ubuntu/hirsute-security] postgresql-13 13.4-0ubuntu0.21.04.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Aug 12 17:11:22 UTC 2021

postgresql-13 (13.4-0ubuntu0.21.04.1) hirsute-security; urgency=medium

  * New upstream version (LP: #1928773).

    + Fix mis-planning of repeated application of a projection step (Tom Lane)

      The planner could create an incorrect plan in cases where two
      ProjectionPaths were stacked on top of each other.  The only known
      way to trigger that situation involves parallel sort operations, but
      there may be other instances.  The result would be crashes or
      incorrect query results.
      Disclosure of server memory contents is also possible.

    + Disallow SSL renegotiation more completely (Michael Paquier)

      SSL renegotiation has been disabled for some time, but the server
      would still cooperate with a client-initiated renegotiation request.
      A maliciously crafted renegotiation request could result in a server
      crash (see OpenSSL issue CVE-2021-3449).  Disable the feature
      altogether on OpenSSL versions that permit doing so, which are
      1.1.0h and newer.

    + Details about these and many further changes can be found at:

Date: 2021-08-12 11:05:34.469092+00:00
Changed-By: Christian Ehrhardt  <christian.ehrhardt at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>