Thread

  1. Security Vulnerability on PostgreSQL VMs

    Hilbert, Karin <ioh1@psu.edu> — 2020-07-17T15:44:09Z

    We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various Linux VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) OS.  We're also running repmgr v5.1.0 & PgBouncer v1.13.
    
    We're getting vulnerability reports from our Security Office for the following packages:
     - python-pulp-agent-lib-2.13.4.16-1.el7sat
     - python-gofer-2.12.5-5.el7sat
    
    For some reason these packages aren't being updated to the current versions & our Linux Admins haven't been able to resolve the update issue.  It has something to do with a satellite?   (I'm not a Linux Admin - I don't really know what they're talking about).  Anyway, are these packages anything that would be required by PostgreSQL, repmgr or PgBouncer?  It's nothing that I installed on the VMs - I assume that it's something installed along with the OS.  The Linux Admin's recommendation is to just remove these packages.
    
    Thanks,
    
    Karin Hilbert
    
    
  2. Re: Security Vulnerability on PostgreSQL VMs

    Ron <ronljohnsonjr@gmail.com> — 2020-07-17T16:03:43Z

    There has to be some "yum" or "rpm" option to show what depends on those 
    packages.
    
    On 7/17/20 10:44 AM, Hilbert, Karin wrote:
    > We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various Linux 
    > VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) OS.  We're 
    > also running repmgr v5.1.0 & PgBouncer v1.13.
    >
    > We're getting vulnerability reports from our Security Office for the 
    > following packages:
    >  - python-pulp-agent-lib-2.13.4.16-1.el7sat
    >  - python-gofer-2.12.5-5.el7sat
    >
    > For some reason these packages aren't being updated to the current 
    > versions & our LinuxAdmins haven't been able to resolve the update issue.  
    > It has something to do with a satellite?  (I'm not a Linux Admin - I don't 
    > really know what they're talking about).  Anyway, *are these packages 
    > anything that would be required by PostgreSQL, repmgr or PgBouncer?*  It's 
    > nothing that I installed on the VMs - I assume that it's something 
    > installed along with the OS.  The Linux Admin's recommendation is to just 
    > remove these packages.
    >
    > Thanks,
    > Karin Hilbert
    >
    
    -- 
    Angular momentum makes the world go 'round.
    
  3. Re: Security Vulnerability on PostgreSQL VMs

    Diego <mrstephenamell@gmail.com> — 2020-07-17T16:07:33Z

    Hi!
    
    
    Try with "yum deplist <package name>" to check who app use phyton.
    
    
    Diego,
    
    
    On 2020-07-17 12:44, Hilbert, Karin wrote:
    > We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various 
    > Linux VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) 
    > OS.  We're also running repmgr v5.1.0 & PgBouncer v1.13.
    >
    > We're getting vulnerability reports from our Security Office for the 
    > following packages:
    >  - python-pulp-agent-lib-2.13.4.16-1.el7sat
    >  - python-gofer-2.12.5-5.el7sat
    >
    > For some reason these packages aren't being updated to the current 
    > versions & our LinuxAdmins haven't been able to resolve the update 
    > issue.  It has something to do with a satellite?  (I'm not a Linux 
    > Admin - I don't really know what they're talking about).  Anyway, *are 
    > these packages anything that would be required by PostgreSQL, repmgr 
    > or PgBouncer?*  It's nothing that I installed on the VMs - I assume 
    > that it's something installed along with the OS.  The Linux Admin's 
    > recommendation is to just remove these packages.
    >
    > Thanks,
    > Karin Hilbert
    >
    
  4. Re: Security Vulnerability on PostgreSQL VMs

    Magnus Hagander <magnus@hagander.net> — 2020-07-17T16:11:32Z

    On Fri, Jul 17, 2020 at 5:44 PM Hilbert, Karin <ioh1@psu.edu> wrote:
    
    > We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various Linux
    > VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) OS.  We're
    > also running repmgr v5.1.0 & PgBouncer v1.13.
    >
    > We're getting vulnerability reports from our Security Office for the
    > following packages:
    >  - python-pulp-agent-lib-2.13.4.16-1.el7sat
    >  - python-gofer-2.12.5-5.el7sat
    >
    > For some reason these packages aren't being updated to the current
    > versions & our Linux Admins haven't been able to resolve the update
    > issue.  It has something to do with a satellite?   (I'm not a Linux Admin -
    > I don't really know what they're talking about).  Anyway, *are these
    > packages anything that would be required by PostgreSQL, repmgr or
    > PgBouncer?*  It's nothing that I installed on the VMs - I assume that
    > it's something installed along with the OS.  The Linux Admin's
    > recommendation is to just remove these packages.
    >
    
    They are not. They are part Pulp for example, but in particular they are
    part of RedHat Satellite which is probably why the package version has a
    name ending in "sat". So it would be something a Linux admin would put in
    there, not the DBA.
    
    But to answer the question, no they are not required by PostgreSQL, repmgr
    or pgbouncer.
    
    -- 
     Magnus Hagander
     Me: https://www.hagander.net/ <http://www.hagander.net/>
     Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>