| From: | Saravanan Subramaniyan <sara1479(at)gmail(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: OpenSSL Vulnerabilities |
| Date: | 2014-06-13 03:25:43 |
| Message-ID: | CANRH5ZbPT6MDv5P3V=UTNieCb_Td0PhOWMV+HWPfWXkM2wHHMQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Thanks Magnus. We have removed as well as replaced the OpenSSLlibraries.
The postgresql service is not coming up (SSL is turned off). I thought
OpenSSL is used when we turn on SSL in postgresql.
Thanks
V.S.Saravanan
On Thu, Jun 12, 2014 at 7:56 PM, Magnus Hagander <magnus(at)hagander(dot)net>
wrote:
> On Thu, Jun 12, 2014 at 8:43 AM, Saravanan Subramaniyan <
> sara1479(at)gmail(dot)com> wrote:
>
>> Hi All,
>> Recently OpenSSL released Security Advisory. Please refer below link
>>
>> http://www.openssl.org/news/secadv_20140605.txt.
>>
>> We are using postgresql version 9.2.8 which is vulnerable. Is postgresql
>> planning to release new version which include OpenSSL 1.0.1h?
>>
>>
> PostgreSQL itself is not vulnerable, so we will not release a new version.
>
> If you are using the EnterpriseDB graphical installers, they are indeed
> bundling the OpenSSL and it at least used to be the vulnerable version.
> Unfortunately they don't seem to have information about the updates yet - I
> will see if i can ping them about making sure that goes on there. I think
> they have already patched it - but it's not confirmed on the website.
>
> --
> Magnus Hagander
> Me: http://www.hagander.net/
> Work: http://www.redpill-linpro.com/
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2014-06-13 10:07:52 | Re: OpenSSL Vulnerabilities |
| Previous Message | Kevin Grittner | 2014-06-13 02:19:30 | Re: max_connections reached in postgres 9.3.3 |