Home > mailing lists

Re[2]: CVE-2022-2625 - Mailing list pgsql-general

From	misha1966 misha1966
Subject	Re[2]: CVE-2022-2625
Date	September 15, 2022 07:24:21
Msg-id	1663215861.183275184@f728.i.mail.ru Whole thread Raw
In response to	CVE-2022-2625 (misha1966 misha1966 <mmisha1966@bk.ru>)
Responses	Re: Re[2]: CVE-2022-2625 Re: CVE-2022-2625
List	pgsql-general

Tree view

All business processes are hooked on postgresql 9.5. There is no way to update.

Unfortunately, I don't have the proper qualifications to change it.

Четверг, 15 сентября 2022, 1:58 +09:00 от Laurenz Albe <laurenz.albe@cybertec.at>:

On Wed, 2022-09-14 at 17:02 +0300, misha1966 misha1966 wrote:
> Tell me, is there a CVE-2022-2625 vulnerability in posgresql 9.5?
> If so, who knows how to patch it? Patches from version 10 are not suitable at all...

Yes, that vulnerability exists in 9.5.

To patch that, you'd have to try and backpatch the commit to 9.5 yourself:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b9b21acc766db54d8c337d508d0fe2f5bf2daab0

Since 9.5 is out of support, there are no more bugfixes for it provided
by the community. If security were a real concern for you, you would
certainly not be running a PostgreSQL version that is out of support.

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com

pgsql-general by date:

From: Bryn Llewellyn
Date: 15 September 2022, 07:07:09
Subject: Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?

From: Tom Lane
Date: 15 September 2022, 07:38:58
Subject: Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?

Re[2]: CVE-2022-2625 - Mailing list pgsql-general

Previous

Next