From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | "Hilbert, Karin" <ioh1(at)psu(dot)edu> |
Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Security Vulnerability on PostgreSQL VMs |
Date: | 2020-07-17 16:11:32 |
Message-ID: | CABUevEy0nmNbAn=o1U5tFYOmbx5R99Zc6=ArRPMES8voCv=bEA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Fri, Jul 17, 2020 at 5:44 PM Hilbert, Karin <ioh1(at)psu(dot)edu> wrote:
> We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various Linux
> VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) OS. We're
> also running repmgr v5.1.0 & PgBouncer v1.13.
>
> We're getting vulnerability reports from our Security Office for the
> following packages:
> - python-pulp-agent-lib-2.13.4.16-1.el7sat
> - python-gofer-2.12.5-5.el7sat
>
> For some reason these packages aren't being updated to the current
> versions & our Linux Admins haven't been able to resolve the update
> issue. It has something to do with a satellite? (I'm not a Linux Admin -
> I don't really know what they're talking about). Anyway, *are these
> packages anything that would be required by PostgreSQL, repmgr or
> PgBouncer?* It's nothing that I installed on the VMs - I assume that
> it's something installed along with the OS. The Linux Admin's
> recommendation is to just remove these packages.
>
They are not. They are part Pulp for example, but in particular they are
part of RedHat Satellite which is probably why the package version has a
name ending in "sat". So it would be something a Linux admin would put in
there, not the DBA.
But to answer the question, no they are not required by PostgreSQL, repmgr
or pgbouncer.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
From | Date | Subject | |
---|---|---|---|
Next Message | FOUTE K. Jaurès | 2020-07-17 16:16:22 | PostgreSQL make too long to start. |
Previous Message | Diego | 2020-07-17 16:07:33 | Re: Security Vulnerability on PostgreSQL VMs |