Open SSL Version Query

Started by Sahaj Diwanabout 4 years ago2 messagesgeneral

diwansahaj@gmail.com

about 4 years ago

Hi Team,

Do we use openssl version 1.0.2, 1.1.1 or 3.0 in postgre 13.
If yes then these version are vulnerable CVE-2022-0778 which is now fixed
in later ssl version.

Regards,
Sahaj

Laura Smith

n5d9xq3ti233xiyif2vp@protonmail.ch

about 4 years ago

In reply to: Sahaj Diwan (#1)

Re: Open SSL Version Query

Hi Sahaj

AFAIK this is a question for you to ask your chosen OS provider.

Postgres will be compiled against the system library (dynamic linking) therefore whether your version of OpenSSL has been patched against the vulnerability is a question for your OS provider, not Postgres.

Unless of course you've installed your own version of OpenSSL, in which case you need to ask yourself. ;-)

Laura

------- Original Message -------

On Wednesday, March 23rd, 2022 at 11:48, Sahaj Diwan <diwansahaj@gmail.com> wrote:

Show quoted text

Hi Team,

Do we use openssl version 1.0.2, 1.1.1 or 3.0 in postgre 13.If yes then these version are vulnerable CVE-2022-0778 which is now fixed in later ssl version.

Regards,Sahaj