Thanks Magnus. We have removed as well as replaced the OpenSSLlibraries. The postgresql service is not coming up (SSL is turned off). I thought OpenSSL is used when we turn on SSL in postgresql.
Thanks V.S.Saravanan On Thu, Jun 12, 2014 at 7:56 PM, Magnus Hagander <mag...@hagander.net> wrote: > On Thu, Jun 12, 2014 at 8:43 AM, Saravanan Subramaniyan < > sara1...@gmail.com> wrote: > >> Hi All, >> Recently OpenSSL released Security Advisory. Please refer below link >> >> http://www.openssl.org/news/secadv_20140605.txt. >> >> We are using postgresql version 9.2.8 which is vulnerable. Is postgresql >> planning to release new version which include OpenSSL 1.0.1h? >> >> > PostgreSQL itself is not vulnerable, so we will not release a new version. > > If you are using the EnterpriseDB graphical installers, they are indeed > bundling the OpenSSL and it at least used to be the vulnerable version. > Unfortunately they don't seem to have information about the updates yet - I > will see if i can ping them about making sure that goes on there. I think > they have already patched it - but it's not confirmed on the website. > > -- > Magnus Hagander > Me: http://www.hagander.net/ > Work: http://www.redpill-linpro.com/ >
