From: | Sandeep Thakkar <sandeep(dot)thakkar(at)enterprisedb(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Daniel Gustafsson <daniel(at)yesql(dot)se>, "Vibhu Chauhan (iDEAS-ER&D)" <vibhu(dot)chauhan(at)wipro(dot)com>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
Subject: | Re: OpenSSL v1.1.1n in postgres |
Date: | 2022-03-27 02:11:32 |
Message-ID: | CANFyU940FxTkdiL62OwcNnYWDMmtY3rjeJ8AHnFT3YSi9fxJbQ@mail.gmail.com |
Lists: | pgsql-bugs |

Hi,

Please note that the EDB Windows installer updates carrying OpenSSL 1.1.1n
are already available for download through the website and Stack Builder. The
latest PG installer versions for all the branches are:

- 14.2-2
- 13.6-2
- 12.10-2
- 11.15-2
- 10.20-2

Please update to the required version.

On Sun, Mar 27, 2022 at 2:47 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> > I do find it sad that this question about when a CVE has been patched is
> > being asked where the active version is 10 months old and missing 3
> > PostgreSQL CVE fixes, including an SSL related one in 13.5
>
> In the OP's defense, this OpenSSL CVE does look a lot scarier than
> any of ours ... if I'm reading it right, anyone who can reach your
> postmaster port can arrange to chew 100% CPU on your server.
> OTOH, they can't do anything more than that, and you probably
> shouldn't have your DB server accessible from the open internet
> anyway.
>
> regards, tom lane

--
Sandeep Thakkar