Обсуждение: PostgreSQL - CVE-2021-44228 - dependency on Log4j ?
Hi Community,
Is PostgreSQL instance dependent of this Log4J Library ?
I was looking on postgresql website but I did not find anything
Many Thanks,
Joao
Banque Pictet & Cie SA | |
Route des Acacias 60 1211 Geneva 73 - Switzerland | |
Tel. +41 58 323 2323 | |
Fax. +41 58 323 2324 | |
group.pictet | |
This message is not intended for persons who are citizens of, domiciled or resident in, or entities registered in a country or jurisdiction in which its distribution, publication, provision or use would violate current laws and regulations. The content of this message is confidential and may be read and/or used only by the recipient of this message. For information about personal data protection, please refer to the Pictet Group’s Privacy Notice available at www.group.pictet/privacynotice. If you have received this e-mail message in error, please destroy it and delete it from your computer. The Pictet Group may not be held liable for the use, transmission or treatment of the content of this message. The recipient of this message remains solely liable for any form of reproduction, copying, disclosure, modification and/or publication of the content. No liability whatsoever will be incurred by the Pictet Group. The recipient of this message agrees to comply with the applicable laws and regulations in the jurisdictions where they use the information contained herein. |
Вложения
Hi Community,
Is PostgreSQL instance dependent of this Log4J Library ?
I was looking on postgresql website but I did not find anything
Many Thanks,
Joao
Banque Pictet & Cie SA Route des Acacias 60
1211 Geneva 73 - SwitzerlandTel. +41 58 323 2323 Fax. +41 58 323 2324 group.pictet
This message is not intended for persons who are citizens of, domiciled or resident in, or entities registered in a country or jurisdiction in which its distribution, publication, provision or use would violate current laws and regulations. The content of this message is confidential and may be read and/or used only by the recipient of this message. For information about personal data protection, please refer to the Pictet Group’s Privacy Notice available at www.group.pictet/privacynotice. If you have received this e-mail message in error, please destroy it and delete it from your computer. The Pictet Group may not be held liable for the use, transmission or treatment of the content of this message. The recipient of this message remains solely liable for any form of reproduction, copying, disclosure, modification and/or publication of the content. No liability whatsoever will be incurred by the Pictet Group. The recipient of this message agrees to comply with the applicable laws and regulations in the jurisdictions where they use the information contained herein.
Вложения
Hi Lazaro
Many Thanks for your clarification.
Regards
Joao
Banque Pictet & Cie SA | |
Route des Acacias 60 1211 Geneva 73 - Switzerland | |
Tel. +41 58 323 2323 | |
Fax. +41 58 323 2324 | |
group.pictet | |
From: lazaro garcia <lazaro3487@gmail.com>
Sent: lundi 13 décembre 2021 12:43
To: Joao COSTA <jcosta@pictet.com>
Cc: pgsql-admin@lists.postgresql.org
Subject: Re: PostgreSQL - CVE-2021-44228 - dependency on Log4j ?
There is no relation between Log4j and PostgreSQL. Log4j is a logging library used in the Java ecosystem.
Regards.
El lun, 13 dic 2021 a las 12:20, Joao COSTA (<jcosta@pictet.com>) escribió:
Hi Community,
Is PostgreSQL instance dependent of this Log4J Library ?
I was looking on postgresql website but I did not find anything
Many Thanks,
Joao
Banque Pictet & Cie SA
Route des Acacias 60
1211 Geneva 73 - SwitzerlandTel. +41 58 323 2323
Fax. +41 58 323 2324
This message is not intended for persons who are citizens of, domiciled or resident in, or entities registered in a country or jurisdiction in which its distribution, publication, provision or use would violate current laws and regulations. The content of this message is confidential and may be read and/or used only by the recipient of this message. For information about personal data protection, please refer to the Pictet Group’s Privacy Notice available at www.group.pictet/privacynotice. If you have received this e-mail message in error, please destroy it and delete it from your computer. The Pictet Group may not be held liable for the use, transmission or treatment of the content of this message. The recipient of this message remains solely liable for any form of reproduction, copying, disclosure, modification and/or publication of the content. No liability whatsoever will be incurred by the Pictet Group. The recipient of this message agrees to comply with the applicable laws and regulations in the jurisdictions where they use the information contained herein.
This message is not intended for persons who are citizens of, domiciled or resident in, or entities registered in a country or jurisdiction in which its distribution, publication, provision or use would violate current laws and regulations. The content of this message is confidential and may be read and/or used only by the recipient of this message. For information about personal data protection, please refer to the Pictet Group’s Privacy Notice available at www.group.pictet/privacynotice. If you have received this e-mail message in error, please destroy it and delete it from your computer. The Pictet Group may not be held liable for the use, transmission or treatment of the content of this message. The recipient of this message remains solely liable for any form of reproduction, copying, disclosure, modification and/or publication of the content. No liability whatsoever will be incurred by the Pictet Group. The recipient of this message agrees to comply with the applicable laws and regulations in the jurisdictions where they use the information contained herein. |
Вложения
Posting this response even though it is not directly related to pgsql-admin.
There is a nice write-up on the Sophos Naked Security blog about the Log4j issue: https://nakedsecurity.sophos.com/2021/12/13/log4shell-explained-how-it-works-why-you-need-to-know-and-how-to-fix-it/?fbclid=IwAR07rHlcNqC74hktC9X_8DZF5QgiQwzuaVlnO3WXKrn3vznd_9BuFlZuoYY
This includes information about checking if your server is affected and how to update to the patched version of log4j-core and log4j-api
The original question asked if PostreSQL is dependent but my understanding is that we should be asking “Is anything on my server using Log4j”.
Hope this helps.
Dave
From: Joao COSTA [mailto:jcosta@pictet.com]
Sent: 13 December 2021 10:20
To: pgsql-admin@lists.postgresql.org
Subject: PostgreSQL - CVE-2021-44228 - dependency on Log4j ?
Hi Community,
Is PostgreSQL instance dependent of this Log4J Library ?
I was looking on postgresql website but I did not find anything
Many Thanks,
Joao
Banque Pictet & Cie SA |
Route des Acacias 60 |
Tel. +41 58 323 2323 |
Fax. +41 58 323 2324 |
This message is not intended for persons who are citizens of, domiciled or resident in, or entities registered in a country or jurisdiction in which its distribution, publication, provision or use would violate current laws and regulations. The content of this message is confidential and may be read and/or used only by the recipient of this message. For information about personal data protection, please refer to the Pictet Group’s Privacy Notice available at www.group.pictet/privacynotice. If you have received this e-mail message in error, please destroy it and delete it from your computer. The Pictet Group may not be held liable for the use, transmission or treatment of the content of this message. The recipient of this message remains solely liable for any form of reproduction, copying, disclosure, modification and/or publication of the content. No liability whatsoever will be incurred by the Pictet Group. The recipient of this message agrees to comply with the applicable laws and regulations in the jurisdictions where they use the information contained herein. |