I accidentally found a security issue while benchmarking Postgres changes.
If you run Debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.
@AndresFreundTec what's really remarkable is that you've found the attack not through a functional analysis or formal review but with a sound software engineering approach: the Valgrind effect had been tinkered on - the CPU load impact, however, is a classical side channel usually only used for attack, not for defense. Kudos for making the role of good software engineering obvious for systems security! #security #oss