
Re: Information to CVE-2022-42889


 



> if the above product is affected by the CVE 

You will find the "Known PostgreSQL Security Vulnerabilities in Supported Versions"
here: https://www.postgresql.org/support/security/

For the PostgreSQL JDBC Driver:
please check https://jdbc.postgresql.org/security/
or the fixed CVE lists: https://github.com/pgjdbc/pgjdbc/issues?q=CVE+sort%3Aupdated-desc
or https://github.com/pgjdbc/pgjdbc/security/advisories (Security Advisories)

Based on https://www.docker.com/blog/security-advisory-cve-2022-42889-text4shell/
you have to search for the "commons-text-1.9.jar" (commons-text-*.*) on the servers or on the clients.
The PostgreSQL ecosystem is huge (e.g. a driver, an extension, or an installer), so you have to check any Java-related software.
 
Anyway, it's a good time to install the latest patch version of everything.
(Latest PostgreSQL JDBC Driver,
  or latest Postgres minor version; see: https://www.postgresql.org/support/versioning/ )
The next minor release is expected on November 10th, 2022 (see https://www.postgresql.org/developer/roadmap/ )
"The PostgreSQL Project releases security fixes as part of minor version updates. You are always advised to use the latest minor version available, as it will contain other non-security related fixes."

You will find professional services here: https://www.postgresql.org/support/professional_support/

Regards,
 Imre 
 ( Disclaimer: I am just a Postgres user and not a security expert! )


Cedric Aaron Towstyka <Cedric-Aaron.Towstyka@xxxxxxxxxxx> wrote (on Tue, Nov 8, 2022, 12:10):

Hello dear PostgreSQL Server Team,

The German bureau for IT security "BSI" (Bundesamt für Sicherheit in der Informationstechnik) has issued a warning for CVE-2022-42889 with the name commons-text. Insurance companies are obliged to analyse the installed software for vulnerabilities of this type.
As the Barmenia is using your product PostgreSQL Server it is necessary to obtain all information regarding any vulnerability against above CVE.

We kindly ask you to provide information if the above product is affected by the CVE and if yes, when a fix will be available.

 

With the request for short-term feedback.

Kind Regards.

 

Cedric Aaron Towstyka

Database administrator

 

Barmenia Krankenversicherung a. G.

Barmenia Allgemeine Versicherungs-AG

Barmenia Lebensversicherung a. G.

Barmenia-Allee 1

42119 Wuppertal

 

+49 202 438 2964

 


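The search for `commons-text-*.jar` suggested in the reply above, as an added example that is not part of the original thread: it goes beyond a filename search by also opening `.jar`/`.war`/`.ear`/`.zip` files to find copies bundled inside them, and flags archives that carry the library's classes without the jar name for manual review. The affected range (1.5 through 1.9, fixed in 1.10.0) is taken from the Apache advisory, not from this page, and all function names are hypothetical.

```python
import io, re, sys, zipfile
from pathlib import Path

# Affected range for CVE-2022-42889 per the Apache advisory: 1.5 through 1.9
# (fixed in 1.10.0). Assumption: this range is not stated in the thread.
AFFECTED_MIN, AFFECTED_MAX = (1, 5), (1, 9)
JAR_RE = re.compile(r"(?:^|/)commons-text-(\d+(?:\.\d+)*)\.jar$")
ARCHIVES = (".jar", ".war", ".ear", ".zip")
# Class present when commons-text is repackaged into a fat/shaded jar.
MARKER = "org/apache/commons/text/StringSubstitutor.class"

def status(version):
    """Classify a version string; None means bundled classes, version unknown."""
    if version is None:
        return "REVIEW"
    major_minor = (tuple(int(p) for p in version.split(".")) + (0,))[:2]
    return "AFFECTED" if AFFECTED_MIN <= major_minor <= AFFECTED_MAX else "ok"

def scan_archive(source, label, depth=0):
    """Yield (location, version) for commons-text found inside an archive."""
    try:
        with zipfile.ZipFile(source) as zf:
            names = zf.namelist()
            if MARKER in names:
                yield label, None
            for name in names:
                match = JAR_RE.search(name)
                if match:
                    yield f"{label}!{name}", match.group(1)
                elif name.lower().endswith(ARCHIVES) and depth < 3:
                    inner = io.BytesIO(zf.read(name))
                    yield from scan_archive(inner, f"{label}!{name}", depth + 1)
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or not really an archive: skip it

def scan_tree(root):
    """Return sorted (location, version, status) for everything under root."""
    found = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        match = JAR_RE.search(path.as_posix())
        if match:
            found.append((str(path), match.group(1)))
        elif path.suffix.lower() in ARCHIVES:
            found.extend(scan_archive(path, str(path)))
    return sorted(((loc, ver, status(ver)) for loc, ver in found), key=lambda f: f[0])

if __name__ == "__main__":
    for loc, ver, state in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{state:8} commons-text {ver or '?'}  {loc}")
```

Run it with the directory to scan as the only argument; a `REVIEW` line means the archive contains commons-text classes but no versioned jar name, so the version has to be checked by hand.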

 

