From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
---|---|
To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
Cc: | ascott(at)wwf(dot)org(dot)uk |
Subject: | BUG #17907: PostgresSQL 15.x contains OpenSSL DLLs (vulnerable to CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466) |
Date: | 2023-04-24 14:34:36 |
Message-ID: | 17907-8cd9b572b6722919@postgresql.org |
Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 17907
Logged by: Adrian Scott
Email address: ascott(at)wwf(dot)org(dot)uk
PostgreSQL version: 15.2
Operating system: Windows 10 Enterprise 64 bit
Description:
We have been alerted to the existence of 3 OpenSSL vulnerabilities that are
exposed within the OpenSSL v3.0.8 DLLs installed as part of the PostgreSQL
15.x install.
In the default install paths the 2 files are found here:
c:\program files\postgresql\15\bin\libcrypto-3-x64.dll
c:\program files\postgresql\15\bin\libssl-3-x64.dll
These are affected by vulnerabilities CVE-2023-0464, CVE-2023-0465 &
CVE-2023-0466
Please can you update the PostgreSQL distributions to include the latest
OpenSSL dlls with your next bugfixed release (either using OpenSSL 3.1.1 or
3.0.9), to remove these vulnerabilities?
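
One way to inventory the bundled DLLs named in the report across every PostgreSQL version installed on a Windows host, as an added example that is not part of the original message or of any PostgreSQL tooling. It assumes the DLLs carry a standard Windows version resource; the function name `Get-BundledOpenSslStatus`, the status labels and the default install root are illustrative.

```powershell
# Added example: report the OpenSSL version of the DLLs bundled with PostgreSQL.
# Assumption: the DLLs expose a Windows version resource (major.minor.patch).
param(
    # Default install root taken from the paths in the report; adjust for custom installs.
    [string]$PgRoot = 'C:\Program Files\PostgreSQL'
)

# Releases the report names as the upgrade targets, keyed by OpenSSL branch.
$MinNamed = @{
    '3.0' = [version]'3.0.9'
    '3.1' = [version]'3.1.1'
}
$DllNames = 'libcrypto-3-x64.dll', 'libssl-3-x64.dll'

function Get-BundledOpenSslStatus {
    param([string]$Root)

    # One subdirectory per installed major version (for example ...\15\bin).
    foreach ($dir in Get-ChildItem -Path $Root -Directory -ErrorAction SilentlyContinue) {
        foreach ($name in $DllNames) {
            $path = Join-Path (Join-Path $dir.FullName 'bin') $name
            if (-not (Test-Path -LiteralPath $path)) { continue }

            $info   = (Get-Item -LiteralPath $path).VersionInfo
            $ver    = [version]::new($info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart)
            $branch = '{0}.{1}' -f $ver.Major, $ver.Minor

            # A file without a version resource reports 0.0.0; flag it rather than guess.
            $status = if ($ver -eq [version]'0.0.0') {
                'NoVersionResource'
            } elseif (-not $MinNamed.ContainsKey($branch)) {
                'UnknownBranch'
            } elseif ($ver -ge $MinNamed[$branch]) {
                'AtOrAboveNamedRelease'
            } else {
                'BelowNamedRelease'
            }

            [pscustomobject]@{
                Path    = $path
                Version = $ver.ToString()
                Status  = $status
            }
        }
    }
}

Get-BundledOpenSslStatus -Root $PgRoot | Format-Table -AutoSize
```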