This bug was fixed in the package postgresql-10 - 10.19-0ubuntu0.18.04.1 --------------- postgresql-10 (10.19-0ubuntu0.18.04.1) bionic-security; urgency=medium
* New upstream version (LP: #1950268). + Make the server reject extraneous data after an SSL or GSS encryption handshake CVE-2021-23214 + Make libpq reject extraneous data after an SSL or GSS encryption handshake CVE-2021-23222 + A dump/restore is not required for those running 10.X. + However, note that installations using physical replication should update standby servers before the primary server, details in the release notes linked below. + Also, several bugs have been found that may have resulted in corrupted indexes, explained in detail in the release notes linked below. If any of those cases apply to you, it's recommended to reindex possibly-affected indexes after updating. + Also, if you are upgrading from a version earlier than 10.16, see those release notes as well please. + Details about these and many further changes can be found at: https://www.postgresql.org/docs/10/release-10-19.html -- Christian Ehrhardt <christian.ehrha...@canonical.com> Tue, 09 Nov 2021 09:39:50 +0100 ** Changed in: postgresql-10 (Ubuntu Bionic) Status: In Progress => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23214 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23222 ** Changed in: postgresql-12 (Ubuntu Focal) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950268 Title: New upstream microreleases 10.19 12.9 13.5, 14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postgresql-10/+bug/1950268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs