Re: Security Vulnerability on PostgreSQL VMs

Diego <mrstephenamell@gmail.com>

From: Diego <mrstephenamell@gmail.com>
To: "Hilbert, Karin" <ioh1@psu.edu>, "pgsql-general@postgresql.org" <pgsql-general@postgresql.org>
Date: 2020-07-17T16:07:33Z
Lists: pgsql-general
Hi!


Try with "yum deplist <package name>" to check who app use phyton.


Diego,


On 2020-07-17 12:44, Hilbert, Karin wrote:
> We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various 
> Linux VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) 
> OS.  We're also running repmgr v5.1.0 & PgBouncer v1.13.
>
> We're getting vulnerability reports from our Security Office for the 
> following packages:
>  - python-pulp-agent-lib-2.13.4.16-1.el7sat
>  - python-gofer-2.12.5-5.el7sat
>
> For some reason these packages aren't being updated to the current 
> versions & our LinuxAdmins haven't been able to resolve the update 
> issue.  It has something to do with a satellite?  (I'm not a Linux 
> Admin - I don't really know what they're talking about).  Anyway, *are 
> these packages anything that would be required by PostgreSQL, repmgr 
> or PgBouncer?*  It's nothing that I installed on the VMs - I assume 
> that it's something installed along with the OS.  The Linux Admin's 
> recommendation is to just remove these packages.
>
> Thanks,
> Karin Hilbert
>