Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-23 Thread Ron Johnson
On Sat, Nov 23, 2024 at 4:39 PM Bruce Momjian wrote: > On Sat, Nov 23, 2024 at 03:24:47PM -0500, Ron Johnson wrote: > > On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian wrote: > > [snip] > > > > I have to admit, for this question, we just point people to: > > > > https://www.postgr

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-23 Thread Bruce Momjian
On Sat, Nov 23, 2024 at 03:24:47PM -0500, Ron Johnson wrote: > On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian wrote: > [snip]  > > I have to admit, for this question, we just point people to: > >         https://www.postgresql.org/support/versioning/ > > and say bounce the database

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-23 Thread Ron Johnson
On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian wrote: [snip] > I have to admit, for this question, we just point people to: > > https://www.postgresql.org/support/versioning/ > > and say bounce the database server and install the binaries. What I > have never considered before, and I shou

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-23 Thread Adrian Klaver
On 11/23/24 10:57, Bruce Momjian wrote: On Sat, Nov 23, 2024 at 01:30:13PM -0500, Greg Sabino Mullane wrote: On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian wrote: and say bounce the database server and install the binaries.  What I have never considered before, and I should have, is t

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-23 Thread Bruce Momjian
On Sat, Nov 23, 2024 at 01:30:13PM -0500, Greg Sabino Mullane wrote: > On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian wrote: > > and say bounce the database server and install the binaries.  What I > have never considered before, and I should have, is the complexity of > doing this for

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-23 Thread Greg Sabino Mullane
On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian wrote: > and say bounce the database server and install the binaries. What I > have never considered before, and I should have, is the complexity of > doing this for many remote servers. Can we improve our guidance for > these cases? > Hmm I'm not

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-23 Thread Bruce Momjian
On Fri, Nov 22, 2024 at 09:00:18AM +0100, Matthias Apitz wrote: > On Friday, November 22, 2024 at 05:52:34 +0100, Laurenz Albe > wrote: > > > On Fri, 2024-11-22 at 10:01 +0530, Subhash Udata wrote: > > > Currently, my environment is running PostgreSQL 15.0. I understand that > > > ve

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-22 Thread Laurenz Albe
On Fri, 2024-11-22 at 09:00 +0100, Matthias Apitz wrote: > > > Given that I am not using the PL/Perl extension in my environment, I > > > wanted to ask: > > >  * Is it still mandatory to upgrade specifically to version 15.9, or would > > >     remaining on version 15.0 suffice in this case? > > >

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-22 Thread David G. Johnston
On Friday, November 22, 2024, Matthias Apitz wrote: > > Especially the version V7.2 (released in 2021) can't be updated on the > client side, the cluster will be migrated to 16.5. I assume that > CVE-2024-10979 affects the server side, and not the client side. > Yes, it is the server that execut

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-22 Thread Ron Johnson
On Fri, Nov 22, 2024 at 4:01 AM Achilleas Mantzios - cloud < a.mantz...@cloud.gatewaynet.com> wrote: > > On 11/22/24 10:00, Matthias Apitz wrote: > [snip] > > Why not decouple client libs from the server ? i.e. psql works great > with many versions greater than its own. And certainly with same ma

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-22 Thread Matthias Apitz
On Friday, November 22, 2024 at 11:01:29 +0200, Achilleas Mantzios - cloud wrote: > > under development: V7.3-SP1 (we will not support 15.9 as cluster in SP1) > > used ESQL/C 15.9 (i.e. PostgreSQL client side) > > migrate the used cluster/database 'from' --> 'to' > > 15

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-22 Thread Achilleas Mantzios - cloud
On 11/22/24 10:00, Matthias Apitz wrote: On Friday, November 22, 2024 at 05:52:34 +0100, Laurenz Albe wrote: On Fri, 2024-11-22 at 10:01 +0530, Subhash Udata wrote: Currently, my environment is running PostgreSQL 15.0. I understand that version 15.9 contains the fix for CVE-2024-

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-22 Thread Matthias Apitz
On Friday, November 22, 2024 at 05:52:34 +0100, Laurenz Albe wrote: > On Fri, 2024-11-22 at 10:01 +0530, Subhash Udata wrote: > > Currently, my environment is running PostgreSQL 15.0. I understand that > > version > > 15.9 contains the fix for CVE-2024-10979, as mentioned in the relea

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-21 Thread Adrian Klaver
On 11/21/24 20:53, David G. Johnston wrote: On Thursday, November 21, 2024, Adrian Klaver > wrote: On 11/21/24 20:31, Subhash Udata wrote: Thank you for your detailed response. I would like to clarify my situation further to ensure I take th

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-21 Thread Laurenz Albe
On Fri, 2024-11-22 at 10:01 +0530, Subhash Udata wrote: > Currently, my environment is running PostgreSQL 15.0. I understand that > version > 15.9 contains the fix for CVE-2024-10979, as mentioned in the release notes. > Given that I am not using the PL/Perl extension in my environment, I wanted

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-21 Thread David G. Johnston
On Thursday, November 21, 2024, Subhash Udata wrote: > > Currently, my environment is running *PostgreSQL 15.0*. I understand that > version *15.9* contains the fix for CVE-2024-10979, as mentioned in the > release notes. > > Given that I am not using the *PL/Perl* extension in my environment > I

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-21 Thread Adrian Klaver
On 11/21/24 20:31, Subhash Udata wrote: Thank you for your detailed response. I would like to clarify my situation further to ensure I take the appropriate steps. Currently, my environment is running *PostgreSQL 15.0*. I understand that version *15.9* contains the fix for CVE-2024-10979, as me

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-21 Thread Ron Johnson
15.0 is missing TWO YEARS of bug fixes. https://www.postgresql.org/docs/release/ And it's your database, not ours. Plus, we aren't the Version Police that knock your head with a billy club if you don't upgrade. Patching takes 10 minutes, and any good DBA will keep his or her systems as patched a

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-21 Thread Adrian Klaver
On 11/21/24 19:57, Subhash Udata wrote: Hi Adrian, Thank you for your response regarding the affected versions of PostgreSQL. I have a follow-up question for clarification: The PostgreSQL documentation mentions that the versions with a fix for CVE-2024-10979 are *17.1, 16.5, 15.9, 14.14, 13.

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-21 Thread Tom Lane
"David G. Johnston" writes: > On Thursday, November 21, 2024, Subhash Udata > wrote: >> The PostgreSQL documentation mentions that the versions with a fix for >> CVE-2024-10979 are *17.1, 16.5, 15.9, 14.14, 13.17, and 12.21*. However, >> your reply states that any version greater than 13+ should

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-21 Thread Subhash Udata
Thank you for your detailed response. I would like to clarify my situation further to ensure I take the appropriate steps. Currently, my environment is running *PostgreSQL 15.0*. I understand that version *15.9* contains the fix for CVE-2024-10979, as mentioned in the release notes. Given that I

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-21 Thread Subhash Udata
Hi Adrian, Thank you for your response regarding the affected versions of PostgreSQL. I have a follow-up question for clarification: The PostgreSQL documentation mentions that the versions with a fix for CVE-2024-10979 are *17.1, 16.5, 15.9, 14.14, 13.17, and 12.21*. However, your reply states th

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-20 Thread 김주연
Thank you for your response. On Thu, Nov 21, 2024 at 3:54 PM, Adrian Klaver wrote: > On 11/20/24 22:44, 김주연 wrote: > > Hello, I am currently using PostgreSQL 11.10 and would like to know if > > the CVE-2024-10979 vulnerability affects this version. > > Postgres 11 is past EOL, see: > > https://www.post

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

2024-11-20 Thread Adrian Klaver
On 11/20/24 22:44, 김주연 wrote: Hello, I am currently using PostgreSQL 11.10 and would like to know if the CVE-2024-10979 vulnerability affects this version. Postgres 11 is past EOL, see: https://www.postgresql.org/support/versioning/ If it does impact my version, I would like to know which ve