Home > mailing lists

Heartbleed Impact - Mailing list pgsql-general

From	Dev Kumkar
Subject	Heartbleed Impact
Date	April 16, 2014 11:48:09
Msg-id	CALSLE1OHAm4Z2SizHNhaUP0b655wzbRKTUYnNsF6uy_JVn9vrg@mail.gmail.com Whole thread Raw
Responses	Re: Heartbleed Impact (Albe Laurenz <laurenz.albe@wien.gv.at>) Re: Heartbleed Impact (Tony Theodore <tonyt@logyst.com>)
List	pgsql-general

Tree view

We are using postgresql binaries downloaded from here
http://www.enterprisedb.com/products-services-training/pgbindownload

The binaries which are currently at 9.3.3 were updated when the security vulnerabilities were announced in Feb 2014.

We embed certain binaries and libssl.so.1.0.0 gets shipped along with pre-build in-house database with product.

Referred this link http://blog.hagander.net/archives/219-PostgreSQL-and-the-OpenSSL-Heartbleed-vulnerability.html and for our database SSL is off:
SSL connection are in OFF.

        postgres=# show ssl;
         ssl 
        -----

         off

There is a note for the graphical installers but not the same for binaries:
NOTE: April 10, 2014: The installers for PostgreSQL 9.3.4-3, 9.2.8-3, 9.1.13-3, 9.0.17-3 and 8.4.21-3 have recently been updated to include a patch to address CVE-2014-0160, a TLS heartbeat read overrun issue in the OpenSSL library that is packaged in the installer.

Can you please let us know about the impact in case binaries are being shipped and SSL is off?

Regards...

pgsql-general by date:

From: Alberto Cabello Sánchez
Date: 16 April 2014, 09:52:32
Subject: Re: Trouble installing Slony 2.0

From: Albe Laurenz
Date: 16 April 2014, 12:43:28
Subject: Re: [GENARAL] round() bug

Heartbleed Impact - Mailing list pgsql-general

Previous

Next