| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | adam(dot)taylor(at)frontiermedex(dot)com |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #10184: OpenSSL Vulnerability |
| Date: | 2014-04-30 16:51:25 |
| Message-ID: | 20140430165125.GI2556@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Adam,
* adam(dot)taylor(at)frontiermedex(dot)com (adam(dot)taylor(at)frontiermedex(dot)com) wrote:
> PostgreSQL version: 9.0.0
You should really upgrade to the latest if you're actually on 9.0.0.
> We were alerted of a new vulnerability found in OpenSSL (versions 1.0.1 and
> 1.0.2beta) that could enable remote, unauthorized access to your systems. I
> have included the specifics below.
The vulnerability was in OpenSSL. If you are using SSL with PostgreSQL
then you will want to verify that you have installed the latest version
of OpenSSL and that you have restarted the PostgreSQL server after
installing it.
If you are using PostgreSQL binaries from a distributor then you should
verify that you are using the latest versions and that they have been
updated. The major Linux distributions (RedHat, CentOS, Debian, Ubuntu,
etc) have provided updates for their supported releases. The Windows
installer distributed by EDB has also been updated; you'll want to
download and install the latest minor version for the PG major version
which you're running. You should also review the release notes for all
versions between the one you are on and what you are upgrading to.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rainer Tammer | 2014-04-30 17:09:37 | Re: Problem with PostgreSQL 9.2.7 and make check on AIX 7.1 |
| Previous Message | adam.taylor | 2014-04-30 11:50:49 | BUG #10184: OpenSSL Vulnerability |