Thanks Magnus. We are using package downloaded from enterprisedb. Thanks for the clarification.
Regards V.S.Saravanan On 13 Jun 2014 15:37, "Magnus Hagander" <mag...@hagander.net> wrote: > > > > On Fri, Jun 13, 2014 at 5:25 AM, Saravanan Subramaniyan < > sara1...@gmail.com> wrote: > >> Thanks Magnus. We have removed as well as replaced the OpenSSLlibraries. >> The postgresql service is not coming up (SSL is turned off). I thought >> OpenSSL is used when we turn on SSL in postgresql. >> > > > PostgreSQL *uses* OpenSSL, but does not contain it. > > PostgreSQL is still linked against openssl, so if you replaced it with an > incompatible version then it would break. But as I said, it depends on your > distribution of PostgreSQL. As long as you use something like RPM or DEB > packaging, that's all taken care of by the operating system and nothing is > bundled by PostgreSQL. If you installed manually from source, for example, > then of course you need to make sure that your updated openssl is > compatible with the old one. > > //Magnus > > >> Thanks >> V.S.Saravanan >> >> >> On Thu, Jun 12, 2014 at 7:56 PM, Magnus Hagander <mag...@hagander.net> >> wrote: >> >>> On Thu, Jun 12, 2014 at 8:43 AM, Saravanan Subramaniyan < >>> sara1...@gmail.com> wrote: >>> >>>> Hi All, >>>> Recently OpenSSL released Security Advisory. Please refer below link >>>> >>>> http://www.openssl.org/news/secadv_20140605.txt. >>>> >>>> We are using postgresql version 9.2.8 which is vulnerable. Is >>>> postgresql planning to release new version which include OpenSSL 1.0.1h? >>>> >>>> >>> PostgreSQL itself is not vulnerable, so we will not release a new >>> version. >>> >>> If you are using the EnterpriseDB graphical installers, they are indeed >>> bundling the OpenSSL and it at least used to be the vulnerable version. >>> Unfortunately they don't seem to have information about the updates yet - I >>> will see if i can ping them about making sure that goes on there. I think >>> they have already patched it - but it's not confirmed on the website. >>> >>> -- >>> Magnus Hagander >>> Me: http://www.hagander.net/ >>> Work: http://www.redpill-linpro.com/ >>> >> >> > > > -- > Magnus Hagander > Me: http://www.hagander.net/ > Work: http://www.redpill-linpro.com/ >
