BUG #17907: PostgresSQL 15.x contains OpenSSL DLLs (vulnerable to CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466) - Mailing list pgsql-bugs

From PG Bug reporting form
Subject BUG #17907: PostgresSQL 15.x contains OpenSSL DLLs (vulnerable to CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466)
Msg-id 17907-8cd9b572b6722919@postgresql.org
Responses Re: BUG #17907: PostgresSQL 15.x contains OpenSSL DLLs (vulnerable to CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466)
List pgsql-bugs
The following bug has been logged on the website:

Bug reference:      17907
Logged by:          Adrian Scott
Email address:      ascott@wwf.org.uk
PostgreSQL version: 15.2
Operating system:   Windows 10 Enterprise 64 bit
Description:

We have been alerted to the existence of 3 OpenSSL vulnerabilities that are
exposed within the OpenSSL v3.0.8 DLLs installed as part of the PostgreSQL
15.x install.
In the default install paths the 2 files are found here:
c:\program files\postgresql\15\bin\libcrypto-3-x64.dll
c:\program files\postgresql\15\bin\libssl-3-x64.dll

These are affected by vulnerabilities CVE-2023-0464, CVE-2023-0465 &
CVE-2023-0466.

Please can you update the PostgreSQL distributions to include the latest
OpenSSL DLLs with your next bug-fix release (either using OpenSSL 3.1.1 or
3.0.9), to remove these vulnerabilities?

