Re: CVE-2018-1058

On 10/16/19 1:05 PM, Lizeth Solis Aramayo wrote:
> What commands did you use to dump the 9.6.15 version and restore to the
> 9.6.5 version?
>
> Pg_dump -p 5433 -U postgres -Fc -d dbkerp -n param > param.dump
> And
> Pg_restore -p 5432 -U postgres -d dbkerp param.dump
>
>
> Server with pg_dump is Linux red hat 7.6
>
> Server with pg_restore is linux red hat 6.5
>
>
> In both servers I have postgresql 9.6, but in pg_dump is 9.6.15, and in pg_restore is 9.6.5.

So the RH 7.5 has 9.6.15 and RH 6.5 9.6.5?

>
>
> The pg_dump is correct, everything goes ok., but when I do the pg_restore I gota n error : pg_restore: [archiver] unsupported version (1.13) in file header

Yeah, that is because you are using an older version of pg_restore to
restore a file that was created by a newer version of pg_dump. You have
three choices as I see it:

1) Try to dump the 9.6.15 database with the 9.6.5 pg_dump using -Fc

2) Dump the 9.6.15 database using the 9.6.15 dump but output as plain
text file(-Fp). To restore the file you will need to use psql not
pg_restore. See examples at bottom of here:

https://www.postgresql.org/docs/11/app-pgdump.html

3) Upgrade your 9.6.5 instance to 9.6.15. This is going to need more
information though:

a) How are you installing Postgres?

b) How big is the database and is it in production?

>
>
> I searched solutions, and I found that I can apply a patch CVE-2018-1058, but I don¡t know how.
> How to download, and install, I dont find documents about it.
>
> he reason why you can't upgrade the 9.6.5 to 9.6.15? I dont know how.
>
>
>
>
> -----Mensaje original-----
> De: Adrian Klaver [mailto:adrian(dot)klaver(at)aklaver(dot)com]
> Enviado el: miércoles, 16 de octubre de 2019 15:41
> Para: Lizeth Solis Aramayo; pgsql-general(at)postgresql(dot)org
> Asunto: Re: CVE-2018-1058
>
> On 10/14/19 3:27 PM, Lizeth Solis Aramayo wrote:
>> Good afternoon,
>>
>> I am working with postgresql 9.6.15 and I need to restore in a 9.6.5
>> version, I got an error, and I found this page to install a patch
>
> What commands did you use to dump the 9.6.15 version and restore to the
> 9.6.5 version?
>
> Which versions software did you use to do above?
>
> What was the error?
>
> The reason why you can't upgrade the 9.6.5 to 9.6.15?
>
>
>>
>> https://www.postgresql.org/about/news/1834/
>>
>> CVE-2018-1058
>>
>> But I don't k now how to download the patch, please may you help me?
>>
>> Thank you a lot.
>>
>> Lizeth Solis
>>
>> DBA - ELFEC S.A.
>>
>
> --
> Adrian Klaver
> adrian(dot)klaver(at)aklaver(dot)com
> ____La información contenida en este mensaje esta dirigida en forma exclusiva para el uso personal y confidencial del o los destinatarios arriba nombrados. Si el lector de este mensaje no es el destinatario previsto o una persona responsable para su distribución al destinatario, se le notifica que ha recibido este correo por error y que la revisión, distribución, difusión o copia de este mensaje esta estrictamente prohibida. Si por error recibió esta comunicación, por favor notifiquenos inmediatamente y borre el mensaje original. ____The information contained in this message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately, and delete the original message.
>

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com