fix it?
>
I would argue that many possible vulnerabilities are 'mitigated' rather
than 'fixed' and that the guidelines outlined in that blog post are
effective mitigation of this vulnerability and therefore sufficient.
Some would argue passwords are only a mitigati
Hi
>From this blog:
>https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058%3A_Protect_Your_Search_Path
Do you think that this is just a mitigation, not a real fix, is there any plan
to fix it?
Thanks
...@postgresql.org
Asunto: Re: CVE-2018-1058
On 10/17/19 6:46 AM, Lizeth Solis Aramayo wrote:
> Forgot a fourth option:
>
> 4) Use the 9.6.15 pg_restore to restore the 9.6.15 pg_dump to the 9.6.5
> database.
>
>
> I don't know how to do that. May you help me please
>
> Is it j
n.kla...@aklaver.com]
Enviado el: miércoles, 16 de octubre de 2019 18:32
Para: Lizeth Solis Aramayo; pgsql-gene...@postgresql.org
Asunto: Re: CVE-2018-1058
On 10/16/19 1:05 PM, Lizeth Solis Aramayo wrote:
> What commands did you use to dump the 9.6.15 version and restore to
> the
> 9.6.5 versio
2
Para: Lizeth Solis Aramayo; pgsql-gene...@postgresql.org
Asunto: Re: CVE-2018-1058
On 10/16/19 1:05 PM, Lizeth Solis Aramayo wrote:
What commands did you use to dump the 9.6.15 version and restore to
the
9.6.5 version?
Pg_dump -p 5433 -U postgres -Fc -d dbkerp -n param > param.dump And
Pg_r
in file header
Forgot a fourth option:
4) Use the 9.6.15 pg_restore to restore the 9.6.15 pg_dump to the 9.6.5
database.
I searched solutions, and I found that I can apply a patch CVE-2018-1058, but
I don¡t know how.
How to download, and install, I dont find documents about it.
he rea
eed more
information though:
a) How are you installing Postgres?
b) How big is the database and is it in production?
I searched solutions, and I found that I can apply a patch CVE-2018-1058, but
I don¡t know how.
How to download, and install, I dont find documents about it.
he reason
't be upgraded. (Mostly due to "Process" in large
organizations.) It's best just to swallow "why can't you upgrade" and
answer the question.
I generally find it best not to assume. See OP's response for why I
stick to that strategy.
https://www.p
On 10/16/19 12:51 PM, Rob Sargent wrote:
On 10/16/19 1:40 PM, Adrian Klaver wrote:
On 10/14/19 3:27 PM, Lizeth Solis Aramayo wrote:
Good afternoon,
I am working with postgresql 9.6.15 and I need to restore in a 9.6.5
version, I got an error, and I found this page to install a patch
What
hat I can apply a patch CVE-2018-1058, but
I don¡t know how.
How to download, and install, I dont find documents about it.
he reason why you can't upgrade the 9.6.5 to 9.6.15? I dont know how.
-Mensaje original-
De: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
En
> On Oct 16, 2019, at 2:55 PM, Ron wrote:
>
> On 10/16/19 2:40 PM, Adrian Klaver wrote:
>> On 10/14/19 3:27 PM, Lizeth Solis Aramayo wrote:
>>> Good afternoon,
>>>
>>> I am working with postgresql 9.6.15 and I need to restore in a 9.6.5
>>> version, I got an error, and I found this page to
o "Process" in large
organizations.) It's best just to swallow "why can't you upgrade" and
answer the question.
https://www.postgresql.org/about/news/1834/
CVE-2018-1058
But I don’t k now how to download the patch, please may you help me?
Thank y
On 10/16/19 1:40 PM, Adrian Klaver wrote:
On 10/14/19 3:27 PM, Lizeth Solis Aramayo wrote:
Good afternoon,
I am working with postgresql 9.6.15 and I need to restore in a 9.6.5
version, I got an error, and I found this page to install a patch
What commands did you use to dump the 9.6.15 v
?
Which versions software did you use to do above?
What was the error?
The reason why you can't upgrade the 9.6.5 to 9.6.15?
https://www.postgresql.org/about/news/1834/
CVE-2018-1058
But I don’t k now how to download the patch, please may you help me?
Thank you a lot.
Lizeth Solis
Good afternoon,
I am working with postgresql 9.6.15 and I need to restore in a 9.6.5 version,
I got an error, and I found this page to install a patch
https://www.postgresql.org/about/news/1834/
CVE-2018-1058
But I don't k now how to download the patch, please may you help me?
Thank
On 04/08/2018 11:01 AM, Rory Campbell-Lange wrote:
Thanks for your comprehensive response, Adrian.
Fair enough. It is however a tedious problem to resolve in a large
code base and it would be cool to have a new "--set-search-path"
option to pg_dump to override it.
From other posts that cove
ind the change made to the dump format
> > > > due to CVE-2018-1058 are set out here:
> > > > https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path)
> > So if in my database the default search path is x, y, z this "flaw"
> > s
On 04/08/2018 03:40 AM, Rory Campbell-Lange wrote:
On 07/04/18, Adrian Klaver (adrian.kla...@aklaver.com) wrote:
(I'm aware that the reasons behind the change made to the dump format
due to CVE-2018-1058 are set out here:
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018
On 07/04/18, Adrian Klaver (adrian.kla...@aklaver.com) wrote:
> > (I'm aware that the reasons behind the change made to the dump format
> > due to CVE-2018-1058 are set out here:
> > https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path)
>
e made to the dump format
due to CVE-2018-1058 are set out here:
https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path)
Additionally we sometimes use search_path manipulations +
temporary_schema.function to test functions in production environments.
Having to qual
to the header of the pg_dump output.
As a result, pg_restore now fails because we have some table constraints
that use functions which do not use public schema qualified table/column
references.
(I'm aware that the reasons behind the change made to the dump format
due to CVE-2018-105
21 matches
Mail list logo
