Univention Bugzilla – Bug 53898
postgresql-11: Multiple issues (5.0)
Last modified: 2021-10-13 16:18:39 CEST
New Debian postgresql-11 11.13-0+deb10u1 fixes:
This update addresses the following issue:
* memory disclosure in certain queries (CVE-2021-3677)
--- mirror/ftp/pool/main/p/postgresql-11/postgresql-11_11.12-0+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/postgresql-11_11.13-0+deb10u1.dsc @@ -1,3 +1,24 @@ +11.13-0+deb10u1 [Thu, 26 Aug 2021 14:55:09 +0200] Christoph Berg <myon@debian.org>: + + * New upstream version. + + + Fix mis-planning of repeated application of a projection step (Tom Lane) + + The planner could create an incorrect plan in cases where two + ProjectionPaths were stacked on top of each other. The only known way + to trigger that situation involves parallel sort operations, but there + may be other instances. The result would be crashes or incorrect query + results. Disclosure of server memory contents is also possible. + (CVE-2021-3677) + + + Disallow SSL renegotiation more completely (Michael Paquier) + + SSL renegotiation has been disabled for some time, but the server would + still cooperate with a client-initiated renegotiation request. A + maliciously crafted renegotiation request could result in a server crash + (see OpenSSL issue CVE-2021-3449). Disable the feature altogether on + OpenSSL versions that permit doing so, which are 1.1.0h and newer. + 11.12-0+deb10u1 [Wed, 12 May 2021 16:42:10 +0200] Christoph Berg <myon@debian.org>: * New upstream version. <http://piuparts.knut.univention.de/5.0-0/#7146510513127146812>
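Review bot: the erratum summary above lists only the memory disclosure (CVE-2021-3677), while the changelog hunk records a second security-relevant change, the complete disabling of SSL renegotiation in response to client-initiated requests (referencing OpenSSL issue CVE-2021-3449); the announcement text should mention that change too. The hunk also states that renegotiation is only disabled altogether "on OpenSSL versions that permit doing so, which are 1.1.0h and newer", so the announcement should say whether that condition holds for the OpenSSL this UCS 5.0 package is built against, otherwise readers cannot tell whether the crash described there is mitigated on their systems.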
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x121>