public inbox for [email protected]
From: Adrian Klaver <[email protected]>
To: Subhash Udata <[email protected]>
Cc: 김주연 <[email protected]>
Cc: [email protected]
Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
Date: Thu, 21 Nov 2024 20:38:13 -0800
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAD=40Z3G8z6d1BMDmQVAAPWzCzK5kbU9wWTCZA58qmq8-L=eoA@mail.gmail.com>
References: <CAONZJQkaLtHeNz3P5wO8-EWPjOJ1M5fgyp8x4Mc4bb_U9n9_6g@mail.gmail.com>
<[email protected]>
<CAD=40Z3G8z6d1BMDmQVAAPWzCzK5kbU9wWTCZA58qmq8-L=eoA@mail.gmail.com>
On 11/21/24 19:57, Subhash Udata wrote:
> Hi Adrian,
>
> Thank you for your response regarding the affected versions of
> PostgreSQL. I have a follow-up question for clarification:
>
> The PostgreSQL documentation mentions that the versions with a fix for
> CVE-2024-10979 are *17.1, 16.5, 15.9, 14.14, 13.17, and 12.21*. However,
> your reply states that any version greater than 13+ should suffice.
Any major version 13+. Postgres uses an X.x numbering scheme where X is
the major version and x is the minor version. If you go here:
https://www.postgresql.org/support/versioning/
you will see what that translates to in terms of support. If you move to 13.x
you will have one more year before you would need to move to a newer
version. It is up to you to decide if that is okay or whether you want
to move to a version that is newer to have more time to plan the next move.
In either case you should use the latest minor release that is current
at the time. Minor releases are bug/security fixes and it is important
that you keep up with them. The latest round of minor releases were
done yesterday and that is what you should be installing.
>
> Could you please confirm if upgrading to one of the specific versions
> listed above is mandatory, or is it acceptable to upgrade to any version
> higher than 13?
>
> Your guidance will help us determine the appropriate upgrade path for
> our environment.
>
> Thank you for your time and assistance.
>
>
> On Thu, 21 Nov 2024 at 12:24, Adrian Klaver <[email protected]
> <mailto:[email protected]>> wrote:
>
> On 11/20/24 22:44, 김주연 wrote:
> > Hello, I am currently using PostgreSQL 11.10 and would like to
> know if
> > the CVE-2024-10979 vulnerability affects this version.
>
> Postgres 11 is past EOL, see:
>
> https://www.postgresql.org/support/versioning/
> <https://www.postgresql.org/support/versioning/>
>
>
> > If it does impact my version, I would like to know which version I
> > should upgrade to.
>
> Any version from 13+.
>
> --
> Adrian Klaver
> [email protected] <mailto:[email protected]>
>
>
>
--
Adrian Klaver
[email protected]
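
Added example, not part of the original message or of the PostgreSQL project: a small Python check that classifies a reported server version against the fixed minor releases quoted in the thread. It assumes the input is the text of `SHOW server_version` or the integer `server_version_num`; the function names, status labels and sample inputs are constructed for illustration.

```python
import re

# Fixed minor releases for CVE-2024-10979, as quoted in the thread above.
FIXED_MINOR = {17: 1, 16: 5, 15: 9, 14: 14, 13: 17, 12: 21}
# The reply above recommends major version 13 or newer as an upgrade target.
MIN_RECOMMENDED_MAJOR = 13


def parse_version(text):
    """Return (major, minor) from server_version text or server_version_num."""
    text = text.strip()
    if re.fullmatch(r"\d{5,6}", text):
        # server_version_num: major * 10000 + minor for version 10 and later.
        num = int(text)
        return num // 10000, num % 10000
    m = re.match(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    # Pre-10 releases used three-part numbers (9.6.24); they land in the
    # end-of-life branch below, so only the first component matters for them.
    return int(m.group(1)), int(m.group(2))


def assess(text):
    """Return (status, plan_major_upgrade) for one reported server version."""
    major, minor = parse_version(text)
    plan_major_upgrade = major < MIN_RECOMMENDED_MAJOR
    if major < min(FIXED_MINOR):
        return "eol-no-fix-listed", plan_major_upgrade
    if major not in FIXED_MINOR:
        return "newer-than-list", plan_major_upgrade
    # Compare minors as integers: 13.9 is older than 13.17, although a
    # float or string comparison would say the opposite.
    if minor < FIXED_MINOR[major]:
        return "needs-minor-update", plan_major_upgrade
    return "has-fix", plan_major_upgrade


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for sample in ["11.10", "110010", "13.9", "13.17 (Debian 13.17-1.pgdg120+1)",
                   "12.21", "16.4", "17.1"]:
        print(f"{sample!r:40} -> {assess(sample)}")
```
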