Re: Security Vulnerability on PostgreSQL VMs

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: "Hilbert, Karin" <ioh1(at)psu(dot)edu>
Cc: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: Security Vulnerability on PostgreSQL VMs
Date: 2020-07-17 16:11:32
Message-ID: CABUevEy0nmNbAn=o1U5tFYOmbx5R99Zc6=ArRPMES8voCv=bEA@mail.gmail.com
Lists: pgsql-general

On Fri, Jul 17, 2020 at 5:44 PM Hilbert, Karin <ioh1(at)psu(dot)edu> wrote:

> We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various Linux
> VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) OS. We're
> also running repmgr v5.1.0 & PgBouncer v1.13.
>
> We're getting vulnerability reports from our Security Office for the
> following packages:
> - python-pulp-agent-lib-2.13.4.16-1.el7sat
> - python-gofer-2.12.5-5.el7sat
>
> For some reason these packages aren't being updated to the current
> versions & our Linux Admins haven't been able to resolve the update
> issue. It has something to do with a satellite? (I'm not a Linux Admin -
> I don't really know what they're talking about). Anyway, *are these
> packages anything that would be required by PostgreSQL, repmgr or
> PgBouncer?* It's nothing that I installed on the VMs - I assume that
> it's something installed along with the OS. The Linux Admin's
> recommendation is to just remove these packages.
>

They are not. They are part of Pulp for example, but in particular they are
part of Red Hat Satellite which is probably why the package version has a
name ending in "sat". So it would be something a Linux admin would put in
there, not the DBA.

But to answer the question, no they are not required by PostgreSQL, repmgr
or pgbouncer.

--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/
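
One way to confirm the answer above on the RPM-based hosts themselves, as an added example that is not part of the original message: ask the RPM database which installed packages require the two flagged packages and check whether any of them belong to the database stack. The package-name pattern for PostgreSQL, repmgr and PgBouncer is an assumption, as are the function names.

```shell
#!/bin/sh
# Added example: before removing the packages flagged by the scanner,
# check whether anything in the database stack depends on them.

# Package names from the report quoted above (version suffix dropped).
FLAGGED="python-pulp-agent-lib python-gofer"
# Assumption: database-stack package names start with one of these words.
DB_STACK_RE='^(postgresql|repmgr|pgbouncer)'

# List installed packages that require capability $1, one per line.
# rpm prints "no package requires ..." and exits non-zero when there are none.
dependents_of() {
    rpm -q --whatrequires "$1" 2>/dev/null \
        | grep -v '^no package requires' \
        | sort -u
}

# Print only the dependents of $1 that belong to the database stack.
# Succeeds (exit 0) when at least one such dependent exists.
db_dependents_of() {
    dependents_of "$1" | grep -Ei "$DB_STACK_RE"
}

# Report on every flagged package.
# Returns 1 if the database stack requires any of them, 0 otherwise.
check_flagged() {
    cf_rc=0
    for cf_pkg in $FLAGGED; do
        cf_hits=$(db_dependents_of "$cf_pkg" | tr '\n' ' ')
        if [ -n "$cf_hits" ]; then
            echo "$cf_pkg: required by $cf_hits"
            cf_rc=1
        else
            echo "$cf_pkg: not required by PostgreSQL, repmgr or PgBouncer"
        fi
    done
    return $cf_rc
}

# Usage on a host: source this file, then run  check_flagged
```

`rpm -e --test <package>` runs the same dependency check as a dry run of the removal without uninstalling anything.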
