-
- Influencer
- Posts: 15
- Liked: 2 times
- Joined: Sep 26, 2019 7:57 am
- Location: Germany
- Contact:
PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Can a Veeam installation be affected by the "PostgreSQL relation replacement during pg_dump executes arbitrary SQL" problem?
See: https://www.postgresql.org/support/secu ... 2024-7348/
-
- Veeam Software
- Posts: 3035
- Liked: 700 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Hi Zweistein,
I'm checking internally on this; I suspect the answer is "no, no concerns" as it's specifically about pg_dump having a race condition that can be exploited, but will get a confirmation.
However, that being said, it looks like it's fixed in PGSQL 15.8, which is supported (15.x is supported). So there should be no harm in simply upgrading the Postgres instance to 15.8, where the issue is resolved.
David Domask | Product Management: Principal Analyst
-
- Service Provider
- Posts: 654
- Liked: 165 times
- Joined: Apr 03, 2019 6:53 am
- Full Name: Karsten Meja
- Contact:
Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Will the PostgreSQL 15.8 setup be part of the v12.2 update?
-
- Veeam Software
- Posts: 3035
- Liked: 700 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Hi Karsten,
Yes it's planned to include updated Postgres installers on new release ISO(s), but it will still be a manual update process for now. There are plans for auto-updating Postgres, but nothing further to share at this time.
David Domask | Product Management: Principal Analyst
-
- Service Provider
- Posts: 654
- Liked: 165 times
- Joined: Apr 03, 2019 6:53 am
- Full Name: Karsten Meja
- Contact:
Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Hi David,
thank you for the confirmation.
I thought Anton had already announced that the VBR ISO is also going to update PostgreSQL.
sad.
-
- Veeam Software
- Posts: 3035
- Liked: 700 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Hi Karsten, you're quite welcome.
And yes, the post I linked is to Anton's public confirmation
Just right now nothing further to share on the subject at this moment.

David Domask | Product Management: Principal Analyst
-
- Service Provider
- Posts: 654
- Liked: 165 times
- Joined: Apr 03, 2019 6:53 am
- Full Name: Karsten Meja
- Contact:
Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Anton literally said that Veeam is taking care of the update. I'm confused.
-
- Veeam Software
- Posts: 3035
- Liked: 700 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
Yes, as noted it's planned. Will continue in DM, but Anton's post remains correct, it is planned indeed for Veeam to take care of the updates.
David Domask | Product Management: Principal Analyst