public inbox for [email protected]  
From: Ron Johnson <[email protected]>
To: pgsql-general <[email protected]>
Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
Date: Sat, 23 Nov 2024 21:04:03 -0500
Message-ID: <CANzqJaBVgzvNbWFQtLSnk5mGz9hUp7qmJWaO3_OTPvsJVtD_eQ@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAONZJQkaLtHeNz3P5wO8-EWPjOJ1M5fgyp8x4Mc4bb_U9n9_6g@mail.gmail.com>
	<[email protected]>
	<CAD=40Z3G8z6d1BMDmQVAAPWzCzK5kbU9wWTCZA58qmq8-L=eoA@mail.gmail.com>
	<CAKFQuwbW-5yyVPCjyTJ0uwZZvn9J94s1XzuFnoBbMXp3BC3XyQ@mail.gmail.com>
	<CAD=40Z2+84YNSM7oMb4QBpuAaadk=9XRw3PGEu5Ui_YsWpmtFA@mail.gmail.com>
	<[email protected]>
	<Z0A6Eg2FH2Nb5sWO@pureos>
	<[email protected]>
	<CANzqJaCph4bT6MQEiDCVROiCQf+jqKKWJowEBqKme-qg83Jzfw@mail.gmail.com>
	<[email protected]>

On Sat, Nov 23, 2024 at 4:39 PM Bruce Momjian <[email protected]> wrote:

>  On Sat, Nov 23, 2024 at 03:24:47PM -0500, Ron Johnson wrote:
> > On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian <[email protected]> wrote:
> > [snip]
> >
> >     I have to admit, for this question, we just point people to:
> >
> >             https://www.postgresql.org/support/versioning/
> >
> >     and say bounce the database server and install the binaries.  What I
> >     have never considered before, and I should have, is the complexity of
> >     doing this for many remote servers.  Can we improve our guidance for
> >     these cases?
> >
> >
> > What guidance is needed?  Even for us, where firewalls block our servers
> > from https://download.postgresql.org, it's as simple as downloading the
> > relevant RPM files once (and that done with a PowerShell script), then
> > patching thusly:
> >
> > WinScp PG16.4_RHEL8 dir to each server, and on each server
> > $ sudo -iu postgres pg_ctl stop -mfast -wt9999 -D /path/to/data
> > $ sudo yum install PG16.4_RHEL8/*rpm
> > $ sudo -iu postgres pg_ctl start -wt9999 -D /path/to/data
> >
> > Those three sudo commands take, at most, three minutes.
>
> I am thinking more of cases where you have 100+ customers, and you need
> to coordinate/connect to each company to perform the upgrade.  Doing
> that every quarter might be a lot of work, and it might be hard to
> justify for every minor release.
>

Two thoughts:
- PGDG publishes release notes.
- PowerShell + Putty(*) are a darned powerful combo for automating remote
maintenance.

*It's more than just a GUI ssh client.

-- 
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
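Added example, not from the thread or from PGDG: a bash runbook that wraps the three sudo commands Ron quotes above (stop, yum install, start) in a version check, so a fleet script skips servers already on the target minor and fails loudly if the binaries did not actually change. It assumes pg_ctl is in the postgres user's PATH and prints its usual "pg_ctl (PostgreSQL) 16.4" banner; the directory name PG16.4_RHEL8 comes from the thread, the function names are assumed.

```shell
#!/usr/bin/env bash
# Minor-release patch runbook for one server (added example, not the thread's code).
# usage: patch_server PG16.4_RHEL8 /path/to/data 16.4
set -eu

# Extract "major.minor" from pg_ctl's banner, e.g. "pg_ctl (PostgreSQL) 16.4" -> "16.4".
pg_version_from_banner() {
  printf '%s\n' "$1" | sed -n 's/.*(PostgreSQL) \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# 0 if installed version $1 is at or above target $2; 1 if behind;
# 2 if the majors differ (a minor-release RPM set does not apply, see the versioning page).
pg_is_patched() {
  local have="$1" want="$2"
  [ "${have%%.*}" = "${want%%.*}" ] || return 2
  [ "${have#*.}" -ge "${want#*.}" ]
}

# Stop fast, install the staged RPMs, start, then confirm the new binaries are in place.
patch_server() {
  local rpmdir="$1" pgdata="$2" target="$3"
  local before after
  before=$(pg_version_from_banner "$(sudo -iu postgres pg_ctl --version)")
  if pg_is_patched "$before" "$target"; then
    echo "already at $before, nothing to do"
    return 0
  fi
  sudo -iu postgres pg_ctl stop -mfast -wt9999 -D "$pgdata"
  sudo yum install -y "$rpmdir"/*.rpm
  sudo -iu postgres pg_ctl start -wt9999 -D "$pgdata"
  after=$(pg_version_from_banner "$(sudo -iu postgres pg_ctl --version)")
  pg_is_patched "$after" "$target" || { echo "patch failed: still $after" >&2; return 1; }
  echo "patched $before -> $after"
}
```

Run it over the host list from the same PowerShell/ssh loop that copies the RPM directory; the exit status tells the loop which servers still need attention.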

