BUG #17907: PostgresSQL 15.x contains OpenSSL DLLs (vulnerable to CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466)

Поиск
Список
Период
Сортировка
От PG Bug reporting form
Тема BUG #17907: PostgresSQL 15.x contains OpenSSL DLLs (vulnerable to CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466)
Дата
Msg-id 17907-8cd9b572b6722919@postgresql.org
обсуждение исходный текст
Ответы Re: BUG #17907: PostgresSQL 15.x contains OpenSSL DLLs (vulnerable to CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466)  (Sandeep Thakkar <sandeep.thakkar@enterprisedb.com>)
Список pgsql-bugs
Дерево обсуждения 
The following bug has been logged on the website:

Bug reference:      17907
Logged by:          Adrian Scott
Email address:      ascott@wwf.org.uk
PostgreSQL version: 15.2
Operating system:   Windows 10 Enterprise 64 bit
Description:

We have been alerted to the existence of 3 OpenSSL vulnerabilities that are
exposed within the OpenSSL v3.0.8 DLLs installed as part of the PostgresSQL
15.x install.
In the default install paths the 2 files are found here:
c:\program files\postgresql\15\bin\libcrypto-3-x64.dll
c:\program files\postgresql\15\bin\libssl-3-x64.dll

These are affected by vulnerabilities CVE-2023-0464, CVE-2023-0465 &
CVE-2023-0466

Please can you update the PostgresSQL distributions to include the latest
OpenSSL dlls with your next bugfixed release (either using OpenSSL 3.1.1 or
3.0.9), to remove these vulnerabilities?

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Karina Litskevich
Дата:
Сообщение: Re: BUG #17731: Server doesn't start after abnormal shutdown while creating unlogged tables
Следующее
От: Nathan Bossart
Дата:
Сообщение: Re: BUG #17903: There is a bug in the KeepLogSeg()