Heartbleed Impact

Поиск
Список
Период
Сортировка
От Dev Kumkar
Тема Heartbleed Impact
Дата
Msg-id CALSLE1OHAm4Z2SizHNhaUP0b655wzbRKTUYnNsF6uy_JVn9vrg@mail.gmail.com
обсуждение исходный текст
Ответы Re: Heartbleed Impact
Re: Heartbleed Impact
Список pgsql-general
We are using postgresql binaries downloaded from here
http://www.enterprisedb.com/products-services-training/pgbindownload

The binaries which are currently at 9.3.3 were updated when the security vulnerabilities were announced in Feb 2014.

We embed certain binaries and libssl.so.1.0.0 gets shipped along with pre-build in-house database with product.

Referred this link http://blog.hagander.net/archives/219-PostgreSQL-and-the-OpenSSL-Heartbleed-vulnerability.html and for our database SSL is off:
        SSL connection are in OFF.
        postgres=# show ssl;
         ssl
        -----
         off
There is a note for the graphical installers but not the same for binaries:
NOTE: April 10, 2014: The installers for PostgreSQL 9.3.4-3, 9.2.8-3, 9.1.13-3, 9.0.17-3 and 8.4.21-3 have recently been updated to include a patch to address CVE-2014-0160, a TLS heartbeat read overrun issue in the OpenSSL library that is packaged in the installer.

Can you please let us know about the impact in case binaries are being shipped and SSL is off?
 
Regards...

В списке pgsql-general по дате отправления:

Предыдущее
От: Alberto Cabello Sánchez
Дата:
Сообщение: Re: Trouble installing Slony 2.0
Следующее
От: Albe Laurenz
Дата:
Сообщение: Re: [GENARAL] round() bug