Re: BUG #10184: OpenSSL Vulnerability

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: adam(dot)taylor(at)frontiermedex(dot)com
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #10184: OpenSSL Vulnerability
Date: 2014-04-30 16:51:25
Message-ID: 20140430165125.GI2556@tamriel.snowman.net
Lists: pgsql-bugs

Adam,

* adam(dot)taylor(at)frontiermedex(dot)com (adam(dot)taylor(at)frontiermedex(dot)com) wrote:
> PostgreSQL version: 9.0.0

You should really upgrade to the latest if you're actually on 9.0.0.

> We were alerted of a new vulnerability found in OpenSSL (versions 1.0.1 and
> 1.0.2beta) that could enable remote, unauthorized access to your systems. I
> have included the specifics below.

The vulnerability was in OpenSSL. If you are using SSL with PostgreSQL
then you will want to verify that you have installed the latest version
of OpenSSL and that you have restarted the PostgreSQL server after
installing it.

If you are using PostgreSQL binaries from a distributor then you should
verify that you are using the latest versions and that they have been
updated. The major Linux distributions (RedHat, CentOS, Debian, Ubuntu,
etc) have provided updates for their supported releases. The Windows
installer distributed by EDB has also been updated; you'll want to
download and install the latest minor version for the PG major version
which you're running. You should also review the release notes for all
versions between the one you are on and what you are upgrading to.

Thanks,

Stephen
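
One way to check the "restarted the PostgreSQL server after installing it" step on Linux, as an added example that is not part of the original message: a process that was not restarted after the upgrade still maps the old OpenSSL library, and the kernel marks that mapping "(deleted)" in `/proc/<pid>/maps`. The helper name `stale_ssl_libs` and the sample maps content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Linux-only: relies on /proc.

# Hypothetical helper: stale_ssl_libs MAPS_FILE
# MAPS_FILE is a /proc/<pid>/maps file. When a package upgrade replaces a
# shared library on disk, a process that has not been restarted still maps
# the old inode and the kernel appends "(deleted)" to that mapping.
# Prints each distinct libssl/libcrypto path in that state.
# Returns 0 if at least one was found, 1 if none.
stale_ssl_libs() {
    awk '
        $NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*$" {
            if (!seen[$6]++) { print $6; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample of a maps file taken after an OpenSSL package upgrade
# but before the server restart. Addresses, inodes and paths are made up.
sample_maps() {
cat <<'EOF'
7f3a1c000000-7f3a1c05b000 r-xp 00000000 08:01 393301 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a1c25a000-7f3a1c261000 rw-p 0005a000 08:01 393301 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a1c400000-7f3a1c5b2000 r-xp 00000000 08:01 393298 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3a1c800000-7f3a1c82b000 r-xp 00000000 08:01 393410 /usr/lib/libpq.so.5.3
7f3a1ca00000-7f3a1cb50000 r-xp 00000000 08:01 393555 /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.1 (deleted)
7f3a1ce00000-7f3a1ce21000 rw-p 00000000 00:00 0 [heap]
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_maps > "$tmp"
if stale_ssl_libs "$tmp"; then
    echo "old OpenSSL still mapped: restart the server"
fi
rm -f "$tmp"

# Real use, run as the postgres user or root (first line of postmaster.pid
# is the postmaster PID):
#   stale_ssl_libs "/proc/$(head -n 1 "$PGDATA/postmaster.pid")/maps"
```

An empty result only shows that no replaced library is still mapped; the installed OpenSSL version itself still has to be checked against the distributor's fixed release.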
