Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Ron Johnson <[email protected]>
To: pgsql-general <[email protected]>
Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
Date: Sat, 23 Nov 2024 15:24:47 -0500
Message-ID: <CANzqJaCph4bT6MQEiDCVROiCQf+jqKKWJowEBqKme-qg83Jzfw@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAONZJQkaLtHeNz3P5wO8-EWPjOJ1M5fgyp8x4Mc4bb_U9n9_6g@mail.gmail.com>
	<[email protected]>
	<CAD=40Z3G8z6d1BMDmQVAAPWzCzK5kbU9wWTCZA58qmq8-L=eoA@mail.gmail.com>
	<CAKFQuwbW-5yyVPCjyTJ0uwZZvn9J94s1XzuFnoBbMXp3BC3XyQ@mail.gmail.com>
	<CAD=40Z2+84YNSM7oMb4QBpuAaadk=9XRw3PGEu5Ui_YsWpmtFA@mail.gmail.com>
	<[email protected]>
	<Z0A6Eg2FH2Nb5sWO@pureos>
	<[email protected]>

On Sat, Nov 23, 2024 at 1:10 PM Bruce Momjian <[email protected]> wrote:
[snip]

> I have to admit, for this question, we just point people to:
>
>         https://www.postgresql.org/support/versioning/
>
> and say bounce the database server and install the binaries.  What I
> have never considered before, and I should have, is the complexity of
> doing this for many remote servers.  Can we improve our guidance for
> these cases?
>

What guidance is needed?  Even for us, where firewalls block our servers
from https://download.postgresql.org, it's as simple as downloading the
relevant RPM files *once* (and that done with a PowerShell script), then
patching thusly:

WinScp PG16.4_RHEL8 dir to each server, and on each server
$ sudo -iu postgres pg_ctl stop -mfast -wt9999 -D /path/to/data
$ sudo yum install PG16.4_RHEL8/*rpm
$ sudo -iu postgres pg_ctl start -wt9999 -D /path/to/data

Those three sudo commands take, at most, three minutes.

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!

view thread (25+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected]
  Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
  In-Reply-To: <CANzqJaCph4bT6MQEiDCVROiCQf+jqKKWJowEBqKme-qg83Jzfw@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox