| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | misha1966 misha1966 <mmisha1966(at)bk(dot)ru> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Re[2]: CVE-2022-2625 |
| Date: | 2022-09-15 08:22:30 |
| Message-ID: | 99c4733570f904328e0fc168c92bbcbcdff2fd9d.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, 2022-09-15 at 07:24 +0300, misha1966 misha1966 wrote:
> > Четверг, 15 сентября 2022, 1:58 +09:00 от Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>:
> >
> > On Wed, 2022-09-14 at 17:02 +0300, misha1966 misha1966 wrote:
> > > Tell me, is there a CVE-2022-2625 vulnerability in posgresql 9.5?
> > > If so, who knows how to patch it? Patches from version 10 are not suitable at all...
> >
> > Yes, that vulnerability exists in 9.5.
> >
> > To patch that, you'd have to try and backpatch the commit to 9.5 yourself:
> > https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b9b21acc766db54d8c337d508d0fe2f5bf2daab0
> >
> > Since 9.5 is out of support, there are no more bugfixes for it provided
> > by the community. If security were a real concern for you, you would
> > certainly not be running a PostgreSQL version that is out of support.
>
> All business processes are hooked on postgresql 9.5. There is no way to update.
> Unfortunately, I don't have the proper qualifications to change it.
So these "business processes" are more important than security at your site.
That's fine; everybody has to make their choices.
But remember that there are also known data-eating bugs lurking in your
outdated software.
Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sebastien Flaesch | 2022-09-15 08:42:15 | Re: Resolving host to IP address |
| Previous Message | Matthias Apitz | 2022-09-15 05:33:49 | Re: Mysterious performance degradation in exceptional cases |