Heartbleed Impact

From: Dev Kumkar <devdas(dot)kumkar(at)gmail(dot)com>
To: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Heartbleed Impact
Date: 2014-04-16 08:48:04
Message-ID: CALSLE1OHAm4Z2SizHNhaUP0b655wzbRKTUYnNsF6uy_JVn9vrg@mail.gmail.com
Lists: pgsql-general

We are using postgresql binaries downloaded from here
http://www.enterprisedb.com/products-services-training/pgbindownload

The binaries which are currently at 9.3.3 were updated when the security
vulnerabilities were announced in Feb 2014.

We embed certain binaries, and libssl.so.1.0.0 gets shipped along with the
pre-built in-house database with the product.

Referred to this link
http://blog.hagander.net/archives/219-PostgreSQL-and-the-OpenSSL-Heartbleed-vulnerability.html
and for our database SSL is off:
SSL connections are OFF.

postgres=# show ssl;
ssl
-----
off

There is a note for the graphical installers but not the same for binaries:
*NOTE:* April 10, 2014: The installers for PostgreSQL 9.3.4-3, 9.2.8-3,
9.1.13-3, 9.0.17-3 and 8.4.21-3 have recently been updated to include a
patch to address CVE-2014-0160, a TLS heartbeat read overrun issue in the
OpenSSL library that is packaged in the installer.

Can you please let us know about the impact in case binaries are being
shipped and SSL is off?

Regards...
