Comprehensive data protection for all workloads
Zweistein
Influencer
Posts: 15
Liked: 2 times
Joined: Sep 26, 2019 7:57 am
Location: Germany

PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Post by Zweistein »

Can a Veeam installation be affected by the "PostgreSQL relation replacement during pg_dump executes arbitrary SQL" problem?
See: https://www.postgresql.org/support/secu ... 2024-7348/
david.domask
Veeam Software
Posts: 3035
Liked: 700 times
Joined: Jun 28, 2016 12:12 pm

Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Post by david.domask »

Hi Zweistein,

I'm checking internally on this; I suspect the answer is "no, no concerns" as it's specifically about pg_dump having a race condition that can be exploited, but will get a confirmation.

However, that being said, it looks like it's fixed in PGSQL 15.8, which is supported (15.x is supported). So there should be no harm in simply upgrading the Postgres instance to 15.8, where the issue is resolved.
David Domask | Product Management: Principal Analyst
karsten123
Service Provider
Posts: 654
Liked: 165 times
Joined: Apr 03, 2019 6:53 am
Full Name: Karsten Meja

Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Post by karsten123 »

Will the PostgreSQL 15.8 setup be part of the v12.2 update?

Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Post by david.domask » 2 people like this post

Hi Karsten,

Yes it's planned to include updated Postgres installers on new release ISO(s), but it will still be a manual update process for now. There are plans for auto-updating Postgres, but nothing further to share at this time.
David Domask | Product Management: Principal Analyst

Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Post by karsten123 »

Hi David,

Thank you for the confirmation.
I thought Anton had already announced that the VBR ISO is also going to update PostgreSQL.
Sad.

Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Post by david.domask »

Hi Karsten, you're quite welcome.

And yes, the post I linked is to Anton's public confirmation ;) Just right now nothing further to share on the subject at this moment.
David Domask | Product Management: Principal Analyst

Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Post by karsten123 »

Anton literally said that Veeam is taking care of the update. I'm confused.

Re: PostgreSQL relation replacement during pg_dump executes arbitrary SQL

Post by david.domask »

Yes, as noted it's planned. Will continue in DM, but Anton's post remains correct, it is planned indeed for Veeam to take care of the updates.
David Domask | Product Management: Principal Analyst