Discussion: BUG #10184: OpenSSL Vulnerability

BUG #10184: OpenSSL Vulnerability

From
adam.taylor@frontiermedex.com
Date:
The following bug has been logged on the website:

Bug reference:      10184
Logged by:          Adam Taylor
Email address:      adam.taylor@frontiermedex.com
PostgreSQL version: 9.0.0
Operating system:   Windows
Description:

Hi

I apologize for reaching out but we have been alerted to a security problem
and wanted to make sure that you were aware of it or were not impacted.

We were alerted of a new vulnerability found in OpenSSL (versions 1.0.1 and
1.0.2beta) that could enable remote, unauthorized access to your systems. I
have included the specifics below.

Can you please let us know if this issue impacts you and if so what is your
remediation plan? Our Information Security team is taking measures to ensure
that all access points into our systems are secured.

Thank you for your cooperation in this matter.

Adam Taylor
Senior Technical Support Analyst

Frontiermedex
Office  +44 1594 545132

Re: BUG #10184: OpenSSL Vulnerability

From
Stephen Frost
Date:
Adam,

* adam.taylor@frontiermedex.com (adam.taylor@frontiermedex.com) wrote:
> PostgreSQL version: 9.0.0

You should really upgrade to the latest if you're actually on 9.0.0.

> We were alerted of a new vulnerability found in OpenSSL (versions 1.0.1 and
> 1.0.2beta) that could enable remote, unauthorized access to your systems. I
> have included the specifics below.

The vulnerability was in OpenSSL.  If you are using SSL with PostgreSQL
then you will want to verify that you have installed the latest version
of OpenSSL and that you have restarted the PostgreSQL server after
installing it.

If you are using PostgreSQL binaries from a distributor then you should
verify that you are using the latest versions and that they have been
updated.  The major Linux distributions (RedHat, CentOS, Debian, Ubuntu,
etc) have provided updates for their supported releases.  The Windows
installer distributed by EDB has also been updated; you'll want to
download and install the latest minor version for the PG major version
which you're running.  You should also review the release notes for all
versions between the one you are on and what you are upgrading to.

    Thanks,

        Stephen
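
One way to check the restart step from the reply above on a Linux host, as an added example that is not part of the thread: a process that was not restarted after the OpenSSL package was replaced still maps the old library, which /proc/<pid>/maps marks as "(deleted)". The process name `postgres`, the library paths and the sample maps content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: Linux /proc, server processes named "postgres".

# Read /proc/<pid>/maps text on stdin; print each libssl/libcrypto path whose
# on-disk file was replaced while the process kept the old copy mapped.
stale_ssl_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ "/lib(ssl|crypto)[^/]*$" { print $(NF-1) }' |
        sort -u
}

# Constructed sample of a maps file taken after a package upgrade, no restart.
sample_maps() {
    cat <<'EOF'
00400000-00a5c000 r-xp 00000000 08:01 262201 /usr/lib/postgresql/bin/postgres
7f2b10000000-7f2b1005d000 r-xp 00000000 08:01 131234 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f2b1025c000-7f2b10263000 rw-p 0005c000 08:01 131234 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f2b10400000-7f2b105b3000 r-xp 00000000 08:01 131230 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f2b10800000-7f2b10818000 r-xp 00000000 08:01 131301 /lib/x86_64-linux-gnu/libz.so.1.2.8 (deleted)
7f2b10c00000-7f2b10dbb000 r-xp 00000000 08:01 131102 /lib/x86_64-linux-gnu/libc-2.19.so
7ffd3c1e0000-7ffd3c201000 rw-p 00000000 00:00 0 [stack]
EOF
}

# Scan live server processes. Run as root or as the postgres OS user, since
# /proc/<pid>/maps is readable only by the process owner. Returns 1 if any
# process still needs a restart to pick up the updated library.
check_postgres() {
    status=0
    for pid in $(pgrep -x postgres 2>/dev/null); do
        [ -r "/proc/$pid/maps" ] || continue
        libs=$(stale_ssl_maps < "/proc/$pid/maps")
        if [ -n "$libs" ]; then
            echo "PID $pid still maps a replaced library, restart needed:"
            echo "$libs"
            status=1
        fi
    done
    return $status
}

# Demonstration on the constructed sample; on a server call check_postgres.
sample_maps | stale_ssl_maps
```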