Security Vulnerability on PostgreSQL VMs
We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various Linux VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) OS. We're also running repmgr v5.1.0 & PgBouncer v1.13.
We're getting vulnerability reports from our Security Office for the following packages:
- python-pulp-agent-lib-2.13.4.16-1.el7sat
- python-gofer-2.12.5-5.el7sat
For some reason these packages aren't being updated to the current versions & our Linux Admins haven't been able to resolve the update issue. It has something to do with a satellite? (I'm not a Linux Admin - I don't really know what they're talking about). Anyway, are these packages anything that would be required by PostgreSQL, repmgr or PgBouncer? It's nothing that I installed on the VMs - I assume that it's something installed along with the OS. The Linux Admin's recommendation is to just remove these packages.
Thanks,
Karin Hilbert
There has to be some "yum" or "rpm" option to show what depends on those
packages.
--
Angular momentum makes the world go 'round.
Hi!
Try with "yum deplist <package name>" to check which apps use python.
Diego,
On Fri, Jul 17, 2020 at 5:44 PM Hilbert, Karin <ioh1@psu.edu> wrote:
We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various Linux
VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) OS. We're
also running repmgr v5.1.0 & PgBouncer v1.13.
We're getting vulnerability reports from our Security Office for the
following packages:
- python-pulp-agent-lib-2.13.4.16-1.el7sat
- python-gofer-2.12.5-5.el7sat
For some reason these packages aren't being updated to the current
versions & our Linux Admins haven't been able to resolve the update
issue. It has something to do with a satellite? (I'm not a Linux Admin -
I don't really know what they're talking about). Anyway, *are these
packages anything that would be required by PostgreSQL, repmgr or
PgBouncer?* It's nothing that I installed on the VMs - I assume that
it's something installed along with the OS. The Linux Admin's
recommendation is to just remove these packages.
They are not. They are part of Pulp, for example, but in particular they are
part of Red Hat Satellite which is probably why the package version has a
name ending in "sat". So it would be something a Linux admin would put in
there, not the DBA.
But to answer the question, no they are not required by PostgreSQL, repmgr
or pgbouncer.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
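The reverse-dependency check suggested in the replies above, as an added example that is not part of the original thread: it uses `rpm -q --provides` and `rpm -q --whatrequires` to list the installed packages that depend on each flagged package, and reports whether any of them belongs to PostgreSQL, repmgr or PgBouncer. The function names and the package-name pattern in `STACK_RE` are assumptions.

```shell
#!/bin/sh
# Added example: check what depends on scanner-flagged packages before removal.
# Assumption: the database stack is installed from packages whose names start
# with postgresql, repmgr or pgbouncer. Adjust STACK_RE to local naming.
STACK_RE='^(postgresql|repmgr|pgbouncer)'

# Print every installed package that requires $1, either by package name or
# through any capability that $1 provides.
reverse_deps() {
    {
        echo "$1"
        # --provides prints "capability [= version]"; keep the capability only.
        rpm -q --provides "$1" 2>/dev/null | awk '{print $1}'
    } | sort -u | while read -r cap; do
        # With no dependents rpm prints "no package requires ..." and exits
        # non-zero; drop that line and keep scanning the other capabilities.
        rpm -q --whatrequires "$cap" 2>/dev/null |
            grep -v '^no package requires' || true
    done | sort -u
}

# For each package given, say whether a database-stack package depends on it.
# Returns 1 if any does (removal would break the stack), 0 otherwise.
check_removal() {
    rc=0
    for flagged in "$@"; do
        deps=$(reverse_deps "$flagged")
        hits=$(printf '%s\n' "$deps" | grep -E "$STACK_RE" || true)
        if [ -n "$hits" ]; then
            # Unquoted on purpose: joins the matches onto one line.
            echo "$flagged: required by:" $hits
            rc=1
        else
            echo "$flagged: no database-stack dependents"
            # Anything listed here is removed or broken along with the package.
            [ -z "$deps" ] || echo "$flagged: other dependents:" $deps
        fi
    done
    return $rc
}

# Run against the packages named on the command line, if any, e.g.
#   sh check_removal.sh python-pulp-agent-lib python-gofer
if [ "$#" -gt 0 ]; then
    check_removal "$@"
fi
```

`rpm -e --test <package>` performs a dry-run erase and lists any failed dependencies, which is a useful last confirmation before the real removal.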