Thread: Vulnerability PostgreSQL 11.2

Vulnerability PostgreSQL 11.2

From
Moris Rumenov Vrachovski
Date:
Hello,

I am not even sure if I am contacting the right person; maybe you can direct me to the right person.
My vulnerability scanner is telling me this in regards to PostgreSQL

Path              : C:\Program Files\PostgreSQL\11
  Installed version : 11.2
  Fixed version     : 11.11


I have contacted my support team for my vulnerability scanner. But it was worth emailing you guys as well just in case this might be an error on your end as well.

Thank you!
--
Moris Vrachovski

Re: Vulnerability PostgreSQL 11.2

From
Magnus Hagander
Date:
On Thu, Apr 15, 2021 at 12:32 PM Moris Rumenov Vrachovski
<mrvrach@uw.edu> wrote:
>
> Hello,
>
> I am not even sure if I am contacting the right person; maybe you can direct me to the right person.
> My vulnerability scanner is telling me this in regards to PostgreSQL
>
> Path              : C:\Program Files\PostgreSQL\11
>   Installed version : 11.2
>   Fixed version     : 11.11
>
>
> I have contacted my support team for my vulnerability scanner. But it was worth emailing you guys as well just in case this might be an error on your end as well.


Hello!

There are multiple vulnerabilities between 11.2 and 11.11, as you can
see on https://www.postgresql.org/support/security/11/. So it sounds
like your vulnerability scanner is right and that you need to install
the updates.


-- 
 Magnus Hagander
 Me: https://www.hagander.net/
 Work: https://www.redpill-linpro.com/



Re: Vulnerability PostgreSQL 11.2

From
Moris Rumenov Vrachovski
Date:
Thank you Laurenz! I have a second question. I downloaded PostgreSQL 11.11 to upgrade from 11.2. I am having trouble upgrading PostgreSQL; it is trying to install a new PostgreSQL instead of upgrading.

On Thu, Apr 15, 2021 at 5:08 AM Laurenz Albe <laurenz.albe@cybertec.at> wrote:
On Wed, 2021-04-14 at 16:10 -0700, Moris Rumenov Vrachovski wrote:
> I am not even sure if I am contacting the right person; maybe you can direct me to the right person.
> My vulnerability scanner is telling me this in regards to PostgreSQL
>
> Path              : C:\Program Files\PostgreSQL\11
>   Installed version : 11.2
>   Fixed version     : 11.11
>
>
> I have contacted my support team for my vulnerability scanner. But it was worth emailing you guys as well just in case this might be an error on your end as well.

I think that your scanner is telling you to install the latest fix for v11,
and it is right to complain.

Read https://www.postgresql.org/support/versioning/

Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com



--
Moris Vrachovski

Re: Vulnerability PostgreSQL 11.2

From
Laurenz Albe
Date:
On Fri, 2021-04-16 at 10:57 -0700, Moris Rumenov Vrachovski wrote:
> Thank you Laurenz! I have a second question. I downloaded PostgreSQL 11.11 to upgrade from 11.2.
>  I am having trouble upgrading PostgreSQL; it is trying to install a new PostgreSQL instead of upgrading.

A minor upgrade is done by installing the binaries and overwriting the old ones.
It sounds like you are doing the right thing.

Yours,
Laurenz Albe
-- 
Cybertec | https://www.cybertec-postgresql.com




Re: Vulnerability PostgreSQL 11.2

From
Laurenz Albe
Date:
On Fri, 2021-04-16 at 10:57 -0700, Moris Rumenov Vrachovski wrote:
> Thank you Laurenz! I have a second question. I downloaded PostgreSQL 11.11 to upgrade from 11.2.
>  I am having trouble upgrading PostgreSQL; it is trying to install a new PostgreSQL instead of upgrading.

That sounds right.  A minor upgrade consists of installing the new files and
replacing the old ones, then restarting the server.

Yours,
Laurenz Albe
-- 
Cybertec | https://www.cybertec-postgresql.com
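
Added example (not part of the thread or of any poster's message): a short Python check that reads the scanner finding quoted above and classifies it. It compares version components as integers, because 11.11 is newer than 11.2 even though a decimal reading suggests the opposite. The function names are hypothetical; the major/minor rule assumed is PostgreSQL's numbering (first number is the major version from 10 onward, first two numbers before that).

```python
import re

# Scanner finding as quoted in the thread (sample input for this example).
FINDING = r"""Path              : C:\Program Files\PostgreSQL\11
  Installed version : 11.2
  Fixed version     : 11.11"""

_FIELD = re.compile(r"(Installed version|Fixed version)\s*:\s*(\d+(?:\.\d+)*)")

def parse_finding(text):
    """Return (installed, fixed) version strings from the scanner output."""
    fields = dict(_FIELD.findall(text))
    return fields["Installed version"], fields["Fixed version"]

def version_tuple(version):
    """'11.11' -> (11, 11), so components compare as integers, not decimals."""
    return tuple(int(part) for part in version.split("."))

def major_of(parts):
    """PostgreSQL 10 and later: major is the first number; earlier: first two."""
    return parts[:1] if parts[0] >= 10 else parts[:2]

def assess(installed, fixed):
    """Classify the finding: 'up to date', 'minor upgrade' or 'major upgrade'."""
    have, want = version_tuple(installed), version_tuple(fixed)
    if have >= want:
        return "up to date"
    if major_of(have) == major_of(want):
        return "minor upgrade"
    return "major upgrade"

if __name__ == "__main__":
    installed, fixed = parse_finding(FINDING)
    print(installed, "->", fixed, ":", assess(installed, fixed))
    # Reading the versions as decimals gets the order backwards:
    print("float comparison says outdated:", float(installed) < float(fixed))
```
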