Re: [GENERAL] Heartbleed Impact

2014-06-05 Thread Dev Kumkar
On Thu, Jun 5, 2014 at 11:03 PM, Magnus Hagander wrote:
> Hi!
>
> The guys at EnterpriseDB are busy building new installers as we speak, I
> would expect them to be out tomorrow or so.
>
> --
> Magnus Hagander
> Me: http://www.hagander.net/
> Work: http://www.redpill-linpro.com/
>
Thanks for

Re: [GENERAL] Heartbleed Impact

2014-06-05 Thread Magnus Hagander
On Thu, Jun 5, 2014 at 7:30 PM, Dev Kumkar wrote:
>
> On Wed, Apr 16, 2014 at 9:08 PM, Dev Kumkar wrote:
>
>> On Wed, Apr 16, 2014 at 7:50 PM, Stephen Frost wrote:
>>
>>> * Dev Kumkar (devdas.kum...@gmail.com) wrote:
>>> > I just downloaded the latest binaries from EnterpriseDB and when
>>

Re: [GENERAL] Heartbleed Impact

2014-06-05 Thread Dev Kumkar
On Wed, Apr 16, 2014 at 9:08 PM, Dev Kumkar wrote:
> On Wed, Apr 16, 2014 at 7:50 PM, Stephen Frost wrote:
>
>> * Dev Kumkar (devdas.kum...@gmail.com) wrote:
>> > I just downloaded the latest binaries from EnterpriseDB and when checked
>> > with libssl.so.1.0.0 can see this:
>> > OpenSSL 1.0.1g

Re: [GENERAL] Heartbleed Impact

2014-04-17 Thread Stephen Frost
* Dev Kumkar (devdas.kum...@gmail.com) wrote:
> > AFAIK, the binary name is postgres.exe, from what I've read they are
> > static linking openssl. the updated versions on the site linked in another
> > message are fixed per the note on that page.
> > http://www.enterprisedb.com/products-services-t

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Dev Kumkar
On Thu, Apr 17, 2014 at 1:31 AM, John R Pierce wrote:
> do you enable SSL and expose it to an insecure network ? if not, no
> exposure to the heartbleed bug.
>
No, SSL is not enabled in my case but also wanted to make sure there is no binary available which can later result into any potential

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread John R Pierce
On 4/16/2014 12:40 PM, Dev Kumkar wrote:
> So does this mean PostgreSQL binaries available on EnterpriseDB has an impact for windows ? Can you help me with the binary name?

do you enable SSL and expose it to an insecure network ? if not, no exposure to the heartbleed bug.

AFAIK, the bin

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Dev Kumkar
On Thu, Apr 17, 2014 at 12:53 AM, John R Pierce wrote:
> windows native stuff uses completely different TLS libraries, SChannel and
> stuff. AFAIK, these aren't subject to this bug, which was specific to
> OpenSSL 1.0.1x for x=a-f...openssl is only used on windows when someone
> uses it expl

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread John R Pierce
On 4/16/2014 9:38 AM, Dev Kumkar wrote:
> What is the windows equivalent of libssl.so.1.0.0 ? Please reply as this is really becoming priority for me.

windows native stuff uses completely different TLS libraries, SChannel and stuff. AFAIK, these aren't subject to this bug, which was specific

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Dev Kumkar
Hey, What is the windows equivalent of libssl.so.1.0.0 ? Please reply as this is really becoming priority for me. Regards...

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Dev Kumkar
On Wed, Apr 16, 2014 at 6:49 PM, Albe Laurenz wrote:
> Dev Kumkar wrote:
> >> Unless somebody changes the setting to ssl=on, there should be no problem.
> > Thanks also please help to understand - does changing this postgresql.conf setting enough to be
> > vulnerable here?
>
> Just changing

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Dev Kumkar
On Wed, Apr 16, 2014 at 7:50 PM, Stephen Frost wrote:
> * Dev Kumkar (devdas.kum...@gmail.com) wrote:
> > I just downloaded the latest binaries from EnterpriseDB and when checked
> > with libssl.so.1.0.0 can see this:
> > OpenSSL 1.0.1g 7 Apr 2014
> >
> > OpenSSL 1.0.1g is the patched version.
>

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Stephen Frost
* Dev Kumkar (devdas.kum...@gmail.com) wrote:
> I just downloaded the latest binaries from EnterpriseDB and when checked
> with libssl.so.1.0.0 can see this:
> OpenSSL 1.0.1g 7 Apr 2014
>
> OpenSSL 1.0.1g is the patched version.

Yes, checked w/ them and they say it's all patched..

> Awaiting con

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Dev Kumkar
On Wed, Apr 16, 2014 at 6:54 PM, Stephen Frost wrote:
>
> Yeah, I'm doing that already and they're looking into it right now.
>
> Thanks,
>
> Stephen
>
I just downloaded the latest binaries from EnterpriseDB and when checked with libssl.so.1.0.0 can see this:
OpenSSL 1.0.

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Stephen Frost
* Alvaro Herrera (alvhe...@2ndquadrant.com) wrote:
> Dev Kumkar wrote:
> > > of which OpenSSL package versions' libssl.1.0.0.so is available at
> > > http://www.enterprisedb.com/products-services-training/pgbindownload ?
> > >
> >
> > Ok, looked at the STRINGS versions and the "OpenSSL 1.0.1f 6 Ja

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Albe Laurenz
Dev Kumkar wrote:
>> Unless somebody changes the setting to ssl=on, there should be no problem.
> Thanks also please help to understand - does changing this postgresql.conf setting enough to be
> vulnerable here?

Just changing the setting will only cause your database server to error out on re

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Alvaro Herrera
Dev Kumkar wrote:
> > of which OpenSSL package versions' libssl.1.0.0.so is available at
> > http://www.enterprisedb.com/products-services-training/pgbindownload ?
> >
>
> Ok, looked at the STRINGS versions and the "OpenSSL 1.0.1f 6 Jan 2014" is
> seen.
>
> Please let me know if the new binary i

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Dev Kumkar
On Wed, Apr 16, 2014 at 5:28 PM, Dev Kumkar wrote:
> On Wed, Apr 16, 2014 at 4:57 PM, Boszormenyi Zoltan wrote:
>
>> The package version and the soversion are only loosely related.
>> E.g. the upstream OpenSSL 1.0.0 and 1.0.1 series both ship soversion
>> 1.0.0.
>>
>> Best regards,
>> Zoltán Bös

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Dev Kumkar
On Wed, Apr 16, 2014 at 3:18 PM, Albe Laurenz wrote:
>
> Unless somebody changes the setting to ssl=on, there should be no problem.
>
> Yours,
> Laurenz Albe
>
Thanks also please help to understand - does changing this postgresql.conf setting enough to be vulnerable here?

Regards...

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Dev Kumkar
On Wed, Apr 16, 2014 at 4:57 PM, Boszormenyi Zoltan wrote:
> The package version and the soversion are only loosely related.
> E.g. the upstream OpenSSL 1.0.0 and 1.0.1 series both ship soversion 1.0.0.
>
> Best regards,
> Zoltán Böszörményi

of which OpenSSL package versions' libssl.1.0.0.so is

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Tony Theodore
On 16 April 2014 21:27, Boszormenyi Zoltan wrote:
> On 2014-04-16 12:40, Tony Theodore wrote:
>> 1.0.0 isn't affected.
>
> The package version and the soversion are only loosely related.
> E.g. the upstream OpenSSL 1.0.0 and 1.0.1 series both ship soversion 1.0.0.

Good point - thanks!
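
The check this thread keeps returning to (reading the version banner that `strings` shows inside libssl.so.1.0.0, because the soversion does not tell the 1.0.0 series from 1.0.1), written out as an added Python example; it is not code from any poster or from the PostgreSQL or EnterpriseDB projects. The function names and the sample bytes are constructed for illustration, and the affected range assumed is upstream OpenSSL 1.0.1 through 1.0.1f.

```python
import re

# Version banner compiled into libssl/libcrypto and into programs that link
# OpenSSL statically, e.g. b"OpenSSL 1.0.1f 6 Jan 2014" as quoted in the thread.
BANNER = re.compile(
    rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)(?:-fips)? +\d{1,2} [A-Z][a-z]{2} \d{4}"
)


def openssl_banners(blob):
    """Return the distinct OpenSSL banners found in raw file bytes, in order."""
    found = []
    for match in BANNER.finditer(blob):
        text = match.group(0).decode("ascii")
        if text not in found:  # libssl repeats it ("SSLv3 part of OpenSSL ...")
            found.append(text)
    return found


def heartbleed_status(banner):
    """Classify a banner; upstream 1.0.1 through 1.0.1f carry the bug."""
    match = BANNER.fullmatch(banner.encode("ascii", "replace"))
    if match is None:
        return "unknown"
    release = tuple(int(match.group(i)) for i in (1, 2, 3))
    letter = match.group(4).decode("ascii")
    if release != (1, 0, 1):
        return "not affected"  # e.g. the 1.0.0 series, despite the same soname
    return "affected" if letter <= "f" else "patched"  # "" sorts before "a"


def audit_bytes(blob):
    """Map each banner embedded in the bytes to its status."""
    return {b: heartbleed_status(b) for b in openssl_banners(blob)}


def audit_file(path):
    """Same check for a file on disk, such as a bundled libssl.so.1.0.0."""
    with open(path, "rb") as handle:
        return audit_bytes(handle.read())


if __name__ == "__main__":
    # Constructed stand-ins for two files that share the name libssl.so.1.0.0.
    old = b"\x7fELF\x00SSLv3 part of OpenSSL 1.0.1f 6 Jan 2014\x00"
    new = b"\x7fELF\x00SSLv3 part of OpenSSL 1.0.1g 7 Apr 2014\x00"
    print(audit_bytes(old), audit_bytes(new))
```

Distribution packages often backport the fix without changing the version letter, so an "affected" result for a distro-built library should be checked against the vendor's advisory rather than taken as final.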

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Boszormenyi Zoltan
On 2014-04-16 12:40, Tony Theodore wrote:
> On 16 April 2014 18:48, Dev Kumkar wrote:
>> We embed certain binaries and libssl.so.1.0.0 gets shipped along with pre-build in-house database with product.
> 1.0.0 isn't affected.

The package version and the soversion are only loosely related. E

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Tony Theodore
On 16 April 2014 18:48, Dev Kumkar wrote:
> We embed certain binaries and libssl.so.1.0.0 gets shipped along with
> pre-build in-house database with product.

1.0.0 isn't affected.

Cheers,
Tony

Re: [GENERAL] Heartbleed Impact

2014-04-16 Thread Albe Laurenz
Dev Kumkar wrote:
> Can you please let us know about the impact in case binaries are being
> shipped and SSL is off?

Unless somebody changes the setting to ssl=on, there should be no problem.

Yours,
Laurenz Albe

[GENERAL] Heartbleed Impact

2014-04-16 Thread Dev Kumkar
We are using postgresql binaries downloaded from here http://www.enterprisedb.com/products-services-training/pgbindownload The binaries which are currently at 9.3.3 were updated when the security vulnerabilities were announced in Feb 2014. We embed certain binaries and libssl.so.1.0.0 gets shippe