We are using postgresql binaries downloaded from here
http://www.enterprisedb.com/products-services-training/pgbindownload
http://www.enterprisedb.com/products-services-training/pgbindownload
The binaries which are currently at 9.3.3 were updated when the security vulnerabilities were announced in Feb 2014.
We embed certain binaries and libssl.so.1.0.0 gets shipped along with pre-build in-house database with product.
Referred this link http://blog.hagander.net/archives/219-PostgreSQL-and-the-OpenSSL-Heartbleed-vulnerability.html and for our database SSL is off:
SSL connection are in OFF.
NOTE: April 10, 2014: The installers for PostgreSQL 9.3.4-3, 9.2.8-3, 9.1.13-3, 9.0.17-3 and 8.4.21-3 have recently been updated to include a patch to address CVE-2014-0160, a TLS heartbeat read overrun issue in the OpenSSL library that is packaged in the installer.
SSL connection are in OFF.
There is a note for the graphical installers but not the same for binaries:postgres=# show ssl;ssl-----
off
NOTE: April 10, 2014: The installers for PostgreSQL 9.3.4-3, 9.2.8-3, 9.1.13-3, 9.0.17-3 and 8.4.21-3 have recently been updated to include a patch to address CVE-2014-0160, a TLS heartbeat read overrun issue in the OpenSSL library that is packaged in the installer.
Can you please let us know about the impact in case binaries are being shipped and SSL is off?
Regards...
