Re: OpenSSL v1.1.1n in postgres
| От | Sandeep Thakkar |
|---|---|
| Тема | Re: OpenSSL v1.1.1n in postgres |
| Дата | |
| Msg-id | CANFyU940FxTkdiL62OwcNnYWDMmtY3rjeJ8AHnFT3YSi9fxJbQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: OpenSSL v1.1.1n in postgres (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-bugs |
Hi,
Please note the EDB windows installer updates carrying the OpenSSL 1.1.1n are already available for download through website and stackbuilder. The latest PG installer versions for all the branches are:
- 14.2-2
- 13.6-2
- 12.10-2
- 11.15-2
- 10.20-2
Please update to the required version.
On Sun, Mar 27, 2022 at 2:47 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
"David G. Johnston" <david.g.johnston@gmail.com> writes:
> I do find it sad that this question about when a CVE has been patched is
> being asked where the active version is 10 months old and missing 3
> PostgreSQL CVE fixes, including an SSL related one in 13.5
In the OP's defense, this OpenSSL CVE does look a lot scarier than
any of ours ... if I'm reading it right, anyone who can reach your
postmaster port can arrange to chew 100% CPU on your server.
OTOH, they can't do anything more than that, and you probably
shouldn't have your DB server accessible from the open internet
anyway.
regards, tom lane
Sandeep Thakkar
В списке pgsql-bugs по дате отправления: