| From: | Subhash Udata <subhashudata(at)gmail(dot)com> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
| Cc: | 김주연 <mysylph(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10 |
| Date: | 2024-11-22 03:57:44 |
| Message-ID: | CAD=40Z3G8z6d1BMDmQVAAPWzCzK5kbU9wWTCZA58qmq8-L=eoA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi Adrian,
Thank you for your response regarding the affected versions of PostgreSQL.
I have a follow-up question for clarification:
The PostgreSQL documentation mentions that the versions with a fix for
CVE-2024-10979 are *17.1, 16.5, 15.9, 14.14, 13.17, and 12.21*. However,
your reply states that any version greater than 13+ should suffice.
Could you please confirm if upgrading to one of the specific versions
listed above is mandatory, or is it acceptable to upgrade to any version
higher than 13?
Your guidance will help us determine the appropriate upgrade path for our
environment.
Thank you for your time and assistance.
On Thu, 21 Nov 2024 at 12:24, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
wrote:
> On 11/20/24 22:44, 김주연 wrote:
> > Hello, I am currently using PostgreSQL 11.10 and would like to know if
> > the CVE-2024-10979 vulnerability affects this version.
>
> Postgres 11 is past EOL, see:
>
> https://www.postgresql.org/support/versioning/
>
>
> > If it does impact my version, I would like to know which version I
> > should upgrade to.
>
> Any version from 13+.
>
> --
> Adrian Klaver
> adrian(dot)klaver(at)aklaver(dot)com
>
>
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2024-11-22 04:09:31 | CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10 |
| Previous Message | Steeve Boulanger | 2024-11-21 23:50:13 | Re: Database stats ( pg_stat_database.stats_reset ) get reset on daily basis - why? |