OpenSSL Vulnerability in pgAdmin III

From Sathesh S
Subject OpenSSL Vulnerability in pgAdmin III
Date
Msg-id AM5PR10MB0689A69B7373009675514B0E82AE0@AM5PR10MB0689.EURPRD10.PROD.OUTLOOK.COM
Responses Re: OpenSSL Vulnerability in pgAdmin III  (Ben Trewern <ben.trewern@gmail.com>)
List pgadmin-support

Hello All,

We use pgAdmin III to connect to Greenplum database. We had recently found out from our vulnerability team that pgAdmin III uses OpenSSL version before 1.0.2h which has the below vulnerability.

OpenSSL version before 1.0.1t & 1.0.2h has vulnerabilities. And pgAdmin 3 is using a vulnerable version of OpenSSL.

The latest version in pgAdmin III is v1.22 and it is using OpenSSL version 1.0.2f.

Below is the info related to the vulnerability:

Overview: The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

Even though pgAdmin IV uses an OpenSSL version above 1.0.2h, we are unable to use pgAdmin IV because it is having issues connecting to Greenplum (it gives the below error):

ERROR: unrecognized configuration parameter "bytea_output"

Can you please help with my below questions:

1. I understand that pgAdmin III is not supported anymore, but because pgAdmin IV is relatively new and a lot of people would still be using pgAdmin III, will an updated version of pgAdmin III with the latest version of OpenSSL be released?

2. Can end users update the OpenSSL version themselves? I mean – since pgAdmin IV is using OpenSSL 1.0.2h, can we copy this file to pgAdmin III v1.22?
   Is this workaround okay/allowed?
   Will this workaround create any issues in pgAdmin III?

Please help, thanks in advance.

Thanks,
Sathesh
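
A check for the affected range quoted in the message above (OpenSSL before 1.0.1t, and 1.0.2 before 1.0.2h), added here as an example and not part of the original post: it pulls the OpenSSL version banner out of a library file's bytes and compares it with the fixed releases. The function names and the sample bytes are assumptions made for the illustration.

```python
import re
import sys

# Version banner that OpenSSL 1.0.x builds embed in the library file.
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]{0,2}) ")
VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})")

def parse(version):
    """'1.0.2f' -> (1, 0, 2, (1, 'f')); tuples sort in release order."""
    m = VERSION.fullmatch(version)
    if m is None:
        raise ValueError("not an OpenSSL letter-style version: %r" % version)
    major, minor, fix, letters = m.groups()
    # Length first, so '' < 'a' < 'z' < 'za' (the order OpenSSL uses).
    return int(major), int(minor), int(fix), (len(letters), letters)

def is_affected(version):
    """Range from the advisory text: before 1.0.1t, and 1.0.2 before 1.0.2h."""
    v = parse(version)
    if v < parse("1.0.1t"):
        return True
    return parse("1.0.2") <= v < parse("1.0.2h")

def versions_in_blob(data):
    """Unique OpenSSL versions named in banners inside raw file bytes."""
    found = {m.group(1).decode("ascii") for m in BANNER.finditer(data)}
    return sorted(found, key=parse)

def report(data):
    """Map each version found to 'affected' or 'not affected'."""
    return {v: ("affected" if is_affected(v) else "not affected")
            for v in versions_in_blob(data)}

# Constructed sample standing in for a library file's bytes (not a real dump).
SAMPLE = b"\x00\x01padding\x00OpenSSL 1.0.2f  28 Jan 2016\x00part of OpenSSL\x00"

if __name__ == "__main__":
    # With no arguments, scan the constructed sample; else scan the given files.
    blobs = {"<sample>": SAMPLE}
    if len(sys.argv) > 1:
        blobs = {}
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                blobs[path] = fh.read()
    for name, data in blobs.items():
        print(name, report(data) or "no OpenSSL banner found")
```

Run against the OpenSSL library files in an installation directory, it reports the version each file actually contains, which matters when a client bundles its own copy instead of using the system one.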
