Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10 - Mailing list pgsql-general

From Ron Johnson
Subject Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
Msg-id CANzqJaCph4bT6MQEiDCVROiCQf+jqKKWJowEBqKme-qg83Jzfw@mail.gmail.com
In response to Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10  (Bruce Momjian <bruce@momjian.us>)
Responses Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
List pgsql-general
On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian <bruce@momjian.us> wrote:
[snip] 
> I have to admit, for this question, we just point people to:
>
>         https://www.postgresql.org/support/versioning/
>
> and say bounce the database server and install the binaries.  What I
> have never considered before, and I should have, is the complexity of
> doing this for many remote servers.  Can we improve our guidance for
> these cases?

What guidance is needed?  Even for us, where firewalls block our servers from https://download.postgresql.org, it's as simple as downloading the relevant RPM files once (and that done with a PowerShell script), then patching thusly:

WinSCP PG16.4_RHEL8 dir to each server, and on each server:
$ sudo -iu postgres pg_ctl stop -mfast -wt9999 -D /path/to/data
$ sudo yum install PG16.4_RHEL8/*rpm
$ sudo -iu postgres pg_ctl start -wt9999 -D /path/to/data

Those three sudo commands take, at most, three minutes.

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
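
The three steps from the message above, wrapped with a post-restart check that the running server reports the minor release that was just installed, so a host that did not pick up the new binaries is flagged. This is an added example, not code from the thread; the `PGDATA`, `RPM_DIR` and `TARGET` defaults, the `DRY_RUN` switch and the `psql` version query are assumptions to adapt per site.

```shell
#!/bin/sh
# Added example (not from the thread). Site-specific assumptions:
PGDATA="${PGDATA:-/path/to/data}"      # data directory, as in the message
RPM_DIR="${RPM_DIR:-PG16.4_RHEL8}"     # directory of RPMs copied to the host
TARGET="${TARGET:-16.4}"               # minor release those RPMs contain
DRY_RUN="${DRY_RUN:-1}"                # 1 = only print the commands

# Pull the first "major.minor" out of a version string, e.g.
# "postgres (PostgreSQL) 16.4" or "16.4" -> "16.4". Prints nothing if absent.
pg_version_of() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# True when $1 has the same major as $2 and a minor that is numerically >=.
# Numeric comparison matters: 16.10 is newer than 16.4.
version_at_least() {
    [ "${1%%.*}" = "${2%%.*}" ] && [ "${1#*.}" -ge "${2#*.}" ]
}

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf 'DRY-RUN: %s\n' "$*"; else "$@"; fi
}

# Stop, install, start, then verify what the running server reports.
patch_host() {
    run sudo -iu postgres pg_ctl stop -mfast -wt9999 -D "$PGDATA" || return 1
    run sudo yum install -y "$RPM_DIR"/*rpm || {
        echo "yum install failed; server is still stopped" >&2
        return 1
    }
    run sudo -iu postgres pg_ctl start -wt9999 -D "$PGDATA" || return 1
    [ "$DRY_RUN" = 1 ] && return 0
    running=$(pg_version_of "$(sudo -iu postgres psql -Atc 'SHOW server_version')")
    if version_at_least "$running" "$TARGET"; then
        echo "OK: server reports $running"
    else
        echo "MISMATCH: server reports '$running', expected >= $TARGET" >&2
        return 1
    fi
}
```

Call `patch_host` on each server; with `DRY_RUN=0` a non-zero exit marks a host to revisit.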
