How can I check this vulnerability. Which SQL to execute?
>Четверг, 15 сентября 2022, 17:22 +09:00 от Laurenz Albe
><laurenz.a...@cybertec.at>:
>
>On Thu, 2022-09-15 at 07:24 +0300, misha1966 misha1966 wrote:
>> > Четверг, 15 сентября 2022, 1:58 +09:00 от Laurenz Albe <
>> > laurenz.a...@cybertec.at >:
>> >
>> > On Wed, 2022-09-14 at 17:02 +0300, misha1966 misha1966 wrote:
>> > > Tell me, is there a CVE-2022-2625 vulnerability in posgresql 9.5?
>> > > If so, who knows how to patch it? Patches from version 10 are not
>> > > suitable at all...
>> >
>> > Yes, that vulnerability exists in 9.5.
>> >
>> > To patch that, you'd have to try and backpatch the commit to 9.5 yourself:
>> >
>> > https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b9b21acc766db54d8c337d508d0fe2f5bf2daab0
>> >
>> > Since 9.5 is out of support, there are no more bugfixes for it provided
>> > by the community. If security were a real concern for you, you would
>> > certainly not be running a PostgreSQL version that is out of support.
>>
>> All business processes are hooked on postgresql 9.5. There is no way to
>> update.
>> Unfortunately, I don't have the proper qualifications to change it.
>So these "business processes" are more important than security at your site.
>That's fine; everybody has to make their choices.
>But remember that there are also known data-eating bugs lurking in your
>outdated software.
>
>Yours,
>Laurenz Albe
>--
>Cybertec | https://www.cybertec-postgresql.com
