Hi,

For pgAdmin III it might be worth looking at http://www.bigsql.org/pgadmin3/. They are looking at updating and supporting pgAdmin III for a while longer.

Regards,
Ben

> On 31 Oct 2016, at 04:43, Sathesh S <sathesh.sunda...@hotmail.com> wrote:
>
> Hello All,
>
> We use pgAdmin III to connect to Greenplum database. We had recently found out from our vulnerability team that pgAdmin III uses an OpenSSL version before 1.0.2h which has the below vulnerability.
>
> OpenSSL versions before 1.0.1t & 1.0.2h have vulnerabilities. And pgAdmin 3 is using a vulnerable version of OpenSSL.
>
> The latest version in pgAdmin III is v1.22 and it is using OpenSSL version 1.0.2f.
>
> Below is the info related to the vulnerability:
> Overview: The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
>
> Even though pgAdmin IV uses an OpenSSL version above 1.0.2h, we are unable to use pgAdmin IV because it is having issues connecting to Greenplum (it gives the below error)
>
> ERROR: unrecognized configuration parameter "bytea_output"
>
> Can you please help with my below questions:
>
> 1. I understand that pgAdmin III is not supported anymore, but because pgAdmin IV is relatively new and a lot of people would still be using pgAdmin III, will an updated version of pgAdmin III with the latest version of OpenSSL be released?
>
> 2. Can end users update the OpenSSL version themselves? I mean – since pgAdmin IV is using OpenSSL 1.0.2h, can we copy this file to pgAdmin III v1.22?
> Is this workaround okay/allowed?
> Will this workaround create any issues in pgAdmin III?
>
> Please help, thanks in advance.
>
> Thanks,
> Sathesh
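
Added example, not part of the original thread and not pgAdmin or OpenSSL project code: a check that finds the OpenSSL version banner embedded in a bundled library's bytes and tests it against the two affected ranges quoted above ("before 1.0.1t" and "1.0.2 before 1.0.2h"). The function names and the sample bytes are constructed for illustration.

```python
import re

# Fixed releases taken from the advisory text quoted in this thread:
# affected = "before 1.0.1t" and "1.0.2 before 1.0.2h".
FIXED_101 = "1.0.1t"
FIXED_102 = "1.0.2h"

# Version banner that OpenSSL builds embed, e.g. b"OpenSSL 1.0.2f  28 Jan 2016".
BANNER_RE = re.compile(
    rb"OpenSSL (\d+\.\d+\.\d+[a-z]{0,2})(?:-[a-z0-9]+)? +\d{1,2} [A-Z][a-z]{2} \d{4}"
)
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})")


def version_key(version):
    """Turn '1.0.2f' into a sortable tuple; patch letters order '' < a..z < za..zz."""
    m = VERSION_RE.fullmatch(version)
    if not m or (len(m.group(4)) == 2 and m.group(4)[0] != "z"):
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    patch = sum(ord(c) - ord("a") + 1 for c in m.group(4))
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), patch)


def is_affected(version):
    """Apply the two affected ranges quoted in the thread."""
    v = version_key(version)
    return v < version_key(FIXED_101) or (
        version_key("1.0.2") <= v < version_key(FIXED_102)
    )


def bundled_versions(blob):
    """Return the distinct OpenSSL versions whose banner appears in the bytes."""
    found = {m.group(1).decode("ascii") for m in BANNER_RE.finditer(blob)}
    return sorted(found, key=version_key)


def audit(blob):
    """Map each bundled version to True (affected) or False (at or past the fix)."""
    return {v: is_affected(v) for v in bundled_versions(blob)}


if __name__ == "__main__":
    # Constructed sample bytes standing in for a library shipped with the client.
    sample = b"\x00\x01junk\x00OpenSSL 1.0.2f  28 Jan 2016\x00more\x00"
    for version, affected in audit(sample).items():
        print(version, "AFFECTED" if affected else "ok")
```

To audit a real install, pass the bytes of each bundled library file to `audit()`; a version banner only identifies the build, so a swapped-in library still has to be tested for compatibility with the client.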