Thread
-
Security Vulnerability on PostgreSQL VMs
Hilbert, Karin <ioh1@psu.edu> — 2020-07-17T15:44:09Z
We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various Linux VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) OS. We're also running repmgr v5.1.0 & PgBouncer v1.13. We're getting vulnerability reports from our Security Office for the following packages: - python-pulp-agent-lib-2.13.4.16-1.el7sat - python-gofer-2.12.5-5.el7sat For some reason these packages aren't being updated to the current versions & our Linux Admins haven't been able to resolve the update issue. It has something to do with a satellite? (I'm not a Linux Admin - I don't really know what they're talking about). Anyway, are these packages anything that would be required by PostgreSQL, repmgr or PgBouncer? It's nothing that I installed on the VMs - I assume that it's something installed along with the OS. The Linux Admin's recommendation is to just remove these packages. Thanks, Karin Hilbert
-
Re: Security Vulnerability on PostgreSQL VMs
Ron <ronljohnsonjr@gmail.com> — 2020-07-17T16:03:43Z
There has to be some "yum" or "rpm" option to show what depends on those packages. On 7/17/20 10:44 AM, Hilbert, Karin wrote: > We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various Linux > VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) OS. We're > also running repmgr v5.1.0 & PgBouncer v1.13. > > We're getting vulnerability reports from our Security Office for the > following packages: > - python-pulp-agent-lib-2.13.4.16-1.el7sat > - python-gofer-2.12.5-5.el7sat > > For some reason these packages aren't being updated to the current > versions & our LinuxAdmins haven't been able to resolve the update issue. > It has something to do with a satellite? (I'm not a Linux Admin - I don't > really know what they're talking about). Anyway, *are these packages > anything that would be required by PostgreSQL, repmgr or PgBouncer?* It's > nothing that I installed on the VMs - I assume that it's something > installed along with the OS. The Linux Admin's recommendation is to just > remove these packages. > > Thanks, > Karin Hilbert > -- Angular momentum makes the world go 'round.
-
Re: Security Vulnerability on PostgreSQL VMs
Diego <mrstephenamell@gmail.com> — 2020-07-17T16:07:33Z
Hi! Try with "yum deplist <package name>" to check who app use phyton. Diego, On 2020-07-17 12:44, Hilbert, Karin wrote: > We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various > Linux VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) > OS. We're also running repmgr v5.1.0 & PgBouncer v1.13. > > We're getting vulnerability reports from our Security Office for the > following packages: > - python-pulp-agent-lib-2.13.4.16-1.el7sat > - python-gofer-2.12.5-5.el7sat > > For some reason these packages aren't being updated to the current > versions & our LinuxAdmins haven't been able to resolve the update > issue. It has something to do with a satellite? (I'm not a Linux > Admin - I don't really know what they're talking about). Anyway, *are > these packages anything that would be required by PostgreSQL, repmgr > or PgBouncer?* It's nothing that I installed on the VMs - I assume > that it's something installed along with the OS. The Linux Admin's > recommendation is to just remove these packages. > > Thanks, > Karin Hilbert >
-
Re: Security Vulnerability on PostgreSQL VMs
Magnus Hagander <magnus@hagander.net> — 2020-07-17T16:11:32Z
On Fri, Jul 17, 2020 at 5:44 PM Hilbert, Karin <ioh1@psu.edu> wrote: > We have PostgreSQL v9.6 & also PostgreSQL v11.8 installed on various Linux > VMs with Red Hat Enterprise Linux Server release 7.8 (Maipo) OS. We're > also running repmgr v5.1.0 & PgBouncer v1.13. > > We're getting vulnerability reports from our Security Office for the > following packages: > - python-pulp-agent-lib-2.13.4.16-1.el7sat > - python-gofer-2.12.5-5.el7sat > > For some reason these packages aren't being updated to the current > versions & our Linux Admins haven't been able to resolve the update > issue. It has something to do with a satellite? (I'm not a Linux Admin - > I don't really know what they're talking about). Anyway, *are these > packages anything that would be required by PostgreSQL, repmgr or > PgBouncer?* It's nothing that I installed on the VMs - I assume that > it's something installed along with the OS. The Linux Admin's > recommendation is to just remove these packages. > They are not. They are part Pulp for example, but in particular they are part of RedHat Satellite which is probably why the package version has a name ending in "sat". So it would be something a Linux admin would put in there, not the DBA. But to answer the question, no they are not required by PostgreSQL, repmgr or pgbouncer. -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>