From: Greg Sabino Mullane
Date: Sat, 23 Nov 2024 13:30:13 -0500
Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
To: Bruce Momjian
Cc: Matthias Apitz, Laurenz Albe, Subhash Udata, "David G. Johnston", Adrian Klaver, 김주연, "pgsql-general@lists.postgresql.org"

On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian wrote:

> and say bounce the database server and install the binaries. What I
> have never considered before, and I should have, is the complexity of
> doing this for many remote servers. Can we improve our guidance for
> these cases?

Hmm I'm not sure what else we can say. Our upgrade process is already drop-dead-simple, especially compared to many (most?) other products out there. People painting themselves into corners is not something we can really help with.

Cheers,
Greg