Le jeu. 15 sept. 2022 à 16:52, misha1966 misha1966 <mmisha1...@bk.ru> a écrit :
> Is there a patch for 9.6 ? > A quick Google search for "postgres CVE-2022-2625" gives you https://www.postgresql.org/support/security/CVE-2022-2625/. And this page tells you there's only a fix for releases 10 to 14. Moreover, fixes in 2022 won't have a patch for releases prior to v10. > > > Четверг, 15 сентября 2022, 17:55 +09:00 от Ron <ronljohnso...@gmail.com>: > > Software is only certified for 9.5? Hopefully you're running 9.5.25. > > I feel your pain... we've got some databases that will stay at 9.6 for > another year. > > On 9/14/22 23:24, misha1966 misha1966 wrote: > > All business processes are hooked on postgresql 9.5. There is no way to > update. > Unfortunately, I don't have the proper qualifications to change it. > > > Четверг, 15 сентября 2022, 1:58 +09:00 от Laurenz Albe > <laurenz.a...@cybertec.at> > <//e.mail.ru/compose/?mailto=mailto%3alaurenz.a...@cybertec.at>: > > On Wed, 2022-09-14 at 17:02 +0300, misha1966 misha1966 wrote: > > Tell me, is there a CVE-2022-2625 vulnerability in posgresql 9.5? > > If so, who knows how to patch it? Patches from version 10 are not > suitable at all... > > Yes, that vulnerability exists in 9.5. > > To patch that, you'd have to try and backpatch the commit to 9.5 yourself: > > https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b9b21acc766db54d8c337d508d0fe2f5bf2daab0 > > Since 9.5 is out of support, there are no more bugfixes for it provided > by the community. If security were a real concern for you, you would > certainly not be running a PostgreSQL version that is out of support. > > Yours, > Laurenz Albe > -- > Cybertec | https://www.cybertec-postgresql.com > > > > > > -- > Angular momentum makes the world go 'round. > > > -- Guillaume.
