From: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
---|---|
To: | misha1966 misha1966 <mmisha1966(at)bk(dot)ru> |
Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Re[2]: CVE-2022-2625 |
Date: | 2022-09-15 14:58:23 |
Message-ID: | CAECtzeXzz-h_bgjLWKbCvGS92rSGPkNKSLvozw6eogR2DwG1rQ@mail.gmail.com |
Lists: | pgsql-general |
On Thu, 15 Sep 2022 at 16:52, misha1966 misha1966 <mmisha1966(at)bk(dot)ru> wrote:
> Is there a patch for 9.6 ?
>
A quick Google search for "postgres CVE-2022-2625" gives you
https://www.postgresql.org/support/security/CVE-2022-2625/. And this page
tells you there's only a fix for releases 10 to 14. Moreover, fixes in 2022
won't have a patch for releases prior to v10.
>
>
> Thursday, 15 September 2022, 17:55 +09:00 from Ron <ronljohnsonjr(at)gmail(dot)com>:
>
> Software is only certified for 9.5? Hopefully you're running 9.5.25.
>
> I feel your pain... we've got some databases that will stay at 9.6 for
> another year.
>
> On 9/14/22 23:24, misha1966 misha1966 wrote:
>
> All business processes are hooked on postgresql 9.5. There is no way to
> update.
> Unfortunately, I don't have the proper qualifications to change it.
>
>
> Thursday, 15 September 2022, 1:58 +09:00 from Laurenz Albe
> <laurenz(dot)albe(at)cybertec(dot)at>:
>
> On Wed, 2022-09-14 at 17:02 +0300, misha1966 misha1966 wrote:
> > Tell me, is there a CVE-2022-2625 vulnerability in postgresql 9.5?
> > If so, who knows how to patch it? Patches from version 10 are not
> > suitable at all...
>
> Yes, that vulnerability exists in 9.5.
>
> To patch that, you'd have to try and backpatch the commit to 9.5 yourself:
>
> https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b9b21acc766db54d8c337d508d0fe2f5bf2daab0
>
> Since 9.5 is out of support, there are no more bugfixes for it provided
> by the community. If security were a real concern for you, you would
> certainly not be running a PostgreSQL version that is out of support.
>
> Yours,
> Laurenz Albe
> --
> Cybertec | https://www.cybertec-postgresql.com
>
>
>
>
>
> --
> Angular momentum makes the world go 'round.
>
>
>
--
Guillaume.