Re: Information to CVE-2022-42889 - Mailing list pgsql-general

From Imre Samu
Subject Re: Information to CVE-2022-42889
Msg-id CAJnEWwm6=GSouXzjDxrhO4xxYn9i4e==V9Hr9pQJPz07t1EESg@mail.gmail.com
In response to Information to CVE-2022-42889  (Cedric Aaron Towstyka <Cedric-Aaron.Towstyka@barmenia.de>)
List pgsql-general
> if the above product is affected by the CVE 

You will find the "Known PostgreSQL Security Vulnerabilities in Supported Versions"

For the PostgreSQL JDBC Driver:

You have to search for "commons-text-1.9.jar" (commons-text-*.*) in the servers or in the clients.
The PostgreSQL ecosystem is huge (e.g. a driver, an extension, or an installer), so you have to check any Java-related software.
 
Anyway, it's a good time to install the latest patch version of everything.
(Latest PostgreSQL JDBC Driver;
  or latest Postgres minor version; see: https://www.postgresql.org/support/versioning/)
The next minor release is expected on November 10th, 2022 (see https://www.postgresql.org/developer/roadmap/).
"The PostgreSQL Project releases security fixes as part of minor version updates. You are always advised to use the latest minor version available, as it will contain other non-security related fixes."

You will find professional services here: https://www.postgresql.org/support/professional_support/

Regards,
 Imre
 (Disclaimer: I am just a Postgres user and not a security expert!)


Cedric Aaron Towstyka <Cedric-Aaron.Towstyka@barmenia.de> wrote (on 8 Nov 2022, Tue, 12:10):

Hello dear PostgreSQL Server Team,

The German bureau for IT security "BSI" (Bundesamt für Sicherheit in der Informationstechnik) has issued a warning for CVE-2022-42889 with the name commons-text. Insurance companies are obliged to analyse the installed software for vulnerabilities of this type.
As Barmenia is using your product PostgreSQL Server, it is necessary to obtain all information regarding any vulnerability related to the above CVE.

We kindly ask you to provide information if the above product is affected by the CVE and if yes, when a fix will be available.

 

With the request for short-term feedback.

Kind Regards.

 

Cedric Aaron Towstyka

Database Administrator

 

Barmenia Krankenversicherung a. G.

Barmenia Allgemeine Versicherungs-AG

Barmenia Lebensversicherung a. G.

Barmenia-Allee 1

42119 Wuppertal

 

+49 202 438 2964

 


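The check Imre suggests above (search the servers and clients for commons-text jars) as a small Python exposure scanner. This is an added example, not code from the original post or from any PostgreSQL project; it assumes nothing about the JDBC driver itself, only walks a directory you name, also looks inside war/ear/fat-jar archives, takes the version from the jar manifest or the file name, and flags the range Apache lists as affected by CVE-2022-42889 (1.5 through 1.9, fixed in 1.10.0, a detail not stated in the thread). The sample archives are constructed in memory.

```python
"""Exposure check for CVE-2022-42889: find Apache Commons Text jars under a tree (also nested in war/ear/fat
jars) and flag the affected range 1.5 to 1.9 (fixed in 1.10.0). Added example, not code from the post or PostgreSQL."""
import re
import sys
import zipfile
from io import BytesIO
from pathlib import Path

AFFECTED_MIN, FIXED_IN = (1, 5), (1, 10)          # affected when 1.5 <= major.minor < 1.10
NAME_RE = re.compile(r"commons-text(?:-(\d+(?:\.\d+)+))?\.jar$")   # version in the file name is optional
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")    # containers worth opening

def parse_version(text):
    """'1.9' -> (1, 9); '1.10.0' -> (1, 10, 0); '1.9-SNAPSHOT' -> (1, 9); None/garbage -> ()."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()

def is_affected(version):  # True/False for a parsed version, None when it could not be determined
    return AFFECTED_MIN <= version[:2] < FIXED_IN if len(version) >= 2 else None

def scan_bytes(location, data):
    """Findings for one archive given as bytes; recurses into nested archive entries (war/ear/fat jar)."""
    zf = zipfile.ZipFile(BytesIO(data)) if zipfile.is_zipfile(BytesIO(data)) else None
    m = NAME_RE.search(location)
    if m:  # this archive is itself a commons-text jar: the manifest version beats the file name
        mf = zf.read("META-INF/MANIFEST.MF") if zf and "META-INF/MANIFEST.MF" in zf.namelist() else b""
        mv = re.search(rb"^Implementation-Version:\s*(\S+)", mf, re.M)
        version = mv.group(1).decode() if mv else m.group(1)
        return [{"location": location, "version": version,
                 "affected": is_affected(parse_version(version))}]
    if zf is None:  # not a zip and not a commons-text name: nothing to report
        return []
    return [f for name in zf.namelist() if name.lower().endswith(ARCHIVE_EXT)
            for f in scan_bytes(f"{location}!/{name}", zf.read(name))]

def scan_tree(root):  # walk root and check every jar/war/ear/zip file under it
    return [f for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() in ARCHIVE_EXT
            for f in scan_bytes(str(p), p.read_bytes())]

def make_jar(entries):
    """Constructed sample archive from (name, data) pairs, e.g. a MANIFEST.MF; for demonstration only."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    for f in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['location']}: version={f['version']} affected={f['affected']}")
```

A jar whose version is unknown (no version in the name and no Implementation-Version in the manifest) is reported with `affected=None` so it can be checked by hand rather than silently passed.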

 
