Discussion: CVE-2018-1058
Good afternoon,
I am working with postgresql 9.6.15 and I need to restore in a 9.6.5 version, I got an error, and I found this page to install a patch
https://www.postgresql.org/about/news/1834/
CVE-2018-1058
But I don’t know how to download the patch, please may you help me?
Thank you a lot.
Lizeth Solis
DBA – ELFEC S.A.
Cochabamba – Bolivia.
On 10/14/19 3:27 PM, Lizeth Solis Aramayo wrote:
> Good afternoon,
>
> I am working with postgresql 9.6.15 and I need to restore in a 9.6.5
> version, I got an error, and I found this page to install a patch

What commands did you use to dump the 9.6.15 version and restore to the 9.6.5 version?

Which versions of software did you use to do the above?

What was the error?

The reason why you can't upgrade the 9.6.5 to 9.6.15?

--
Adrian Klaver
adrian.klaver@aklaver.com
On 10/16/19 1:40 PM, Adrian Klaver wrote:
> On 10/14/19 3:27 PM, Lizeth Solis Aramayo wrote:
>> Good afternoon,
>>
>> I am working with postgresql 9.6.15 and I need to restore in a 9.6.5
>> version, I got an error, and I found this page to install a patch
>
> What commands did you use to dump the 9.6.15 version and restore to
> the 9.6.5 version?
>
> Which versions software did you use to do above?
>
> What was the error?
>
> The reason why you can't upgrade the 9.6.5 to 9.6.15?

Isn't OP asking to downgrade?
On 10/16/19 2:40 PM, Adrian Klaver wrote:
> On 10/14/19 3:27 PM, Lizeth Solis Aramayo wrote:
>> Good afternoon,
>>
>> I am working with postgresql 9.6.15 and I need to restore in a 9.6.5
>> version, I got an error, and I found this page to install a patch
>
> What commands did you use to dump the 9.6.15 version and restore to the
> 9.6.5 version?
>
> Which versions software did you use to do above?
>
> What was the error?
>
> The reason why you can't upgrade the 9.6.5 to 9.6.15?

There are a thousand and one -- nay, a million and ten -- crazy reasons why software can't be upgraded. (Mostly due to "Process" in large organizations.) It's best just to swallow "why can't you upgrade" and answer the question.

--
Angular momentum makes the world go 'round.
> What commands did you use to dump the 9.6.15 version and restore to the 9.6.5 version?

pg_dump -p 5433 -U postgres -Fc -d dbkerp -n param > param.dump
And
pg_restore -p 5432 -U postgres -d dbkerp param.dump

Server with pg_dump is Linux red hat 7.6
Server with pg_restore is linux red hat 6.5

In both servers I have postgresql 9.6, but in pg_dump is 9.6.15, and in pg_restore is 9.6.5.

The pg_dump is correct, everything goes ok., but when I do the pg_restore I got an error:
pg_restore: [archiver] unsupported version (1.13) in file header

I searched solutions, and I found that I can apply a patch CVE-2018-1058, but I don't know how.
How to download, and install, I don't find documents about it.

> The reason why you can't upgrade the 9.6.5 to 9.6.15?

I don't know how.
> On Oct 16, 2019, at 2:55 PM, Ron <ronljohnsonjr@gmail.com> wrote:
>
> On 10/16/19 2:40 PM, Adrian Klaver wrote:
>> On 10/14/19 3:27 PM, Lizeth Solis Aramayo wrote:
>>> Good afternoon,
>>>
>>> I am working with postgresql 9.6.15 and I need to restore in a 9.6.5 version, I got an error, and I found this page to install a patch
>>
>> What commands did you use to dump the 9.6.15 version and restore to the 9.6.5 version?
>>
>> Which versions software did you use to do above?
>>
>> What was the error?
>>
>> The reason why you can't upgrade the 9.6.5 to 9.6.15?
>
> There are a thousand and one -- nay, a million and ten -- crazy reasons why software can't be upgraded. (Mostly due to "Process" in large organizations.) It’s best just to swallow “why can't you upgrade" and answer the question.

Well, I don’t know any organization where applying a one time patch is safer, less bug prone, and cheaper than doing a well tested point upgrade for postgres. So the question seems very relevant to me.

In addition, if the company is not going to keep updated to latest point upgrades (meaning they are not applying security and bug fixes) then why would they expect free support. If they want to play with fire by applying individual patches, then, from my standpoint they are on their own. The decision not to do regular maintenance has consequences and individual patches are not guaranteed to be bug free for the system. While the developers try not to miss dependencies, the OP should understand that the Postgres build farm will never have run a configuration with only their individual patch applied against an older system. Sounds really risky to me.

So the reason to ask the question is to make sure the OP understands the high level of risk they are undertaking.
On 10/16/19 12:51 PM, Rob Sargent wrote:
> On 10/16/19 1:40 PM, Adrian Klaver wrote:
>> On 10/14/19 3:27 PM, Lizeth Solis Aramayo wrote:
>>> Good afternoon,
>>>
>>> I am working with postgresql 9.6.15 and I need to restore in a 9.6.5
>>> version, I got an error, and I found this page to install a patch
>>
>> What commands did you use to dump the 9.6.15 version and restore to
>> the 9.6.5 version?
>>
>> Which versions software did you use to do above?
>>
>> What was the error?
>>
>> The reason why you can't upgrade the 9.6.5 to 9.6.15?
>
> Isn't OP asking to downgrade?

Not sure, could be or OP is restoring to another instance.

--
Adrian Klaver
adrian.klaver@aklaver.com
On 10/16/19 12:55 PM, Ron wrote:
> On 10/16/19 2:40 PM, Adrian Klaver wrote:
>> On 10/14/19 3:27 PM, Lizeth Solis Aramayo wrote:
>>> Good afternoon,
>>>
>>> I am working with postgresql 9.6.15 and I need to restore in a 9.6.5
>>> version, I got an error, and I found this page to install a patch
>>
>> What commands did you use to dump the 9.6.15 version and restore to
>> the 9.6.5 version?
>>
>> Which versions software did you use to do above?
>>
>> What was the error?
>>
>> The reason why you can't upgrade the 9.6.5 to 9.6.15?
>
> There are a thousand and one -- nay, a million and ten -- crazy reasons
> why software can't be upgraded. (Mostly due to "Process" in large
> organizations.) It's best just to swallow "why can't you upgrade" and
> answer the question.

I generally find it best not to assume. See OP's response for why I stick to that strategy.

--
Adrian Klaver
adrian.klaver@aklaver.com
On 10/16/19 1:05 PM, Lizeth Solis Aramayo wrote:
> What commands did you use to dump the 9.6.15 version and restore to the
> 9.6.5 version?
>
> pg_dump -p 5433 -U postgres -Fc -d dbkerp -n param > param.dump
> And
> pg_restore -p 5432 -U postgres -d dbkerp param.dump
>
> Server with pg_dump is Linux red hat 7.6
>
> Server with pg_restore is linux red hat 6.5
>
> In both servers I have postgresql 9.6, but in pg_dump is 9.6.15, and in pg_restore is 9.6.5.

So the RH 7.5 has 9.6.15 and RH 6.5 9.6.5?

> The pg_dump is correct, everything goes ok., but when I do the pg_restore I got an error: pg_restore: [archiver] unsupported version (1.13) in file header

Yeah, that is because you are using an older version of pg_restore to restore a file that was created by a newer version of pg_dump.

You have three choices as I see it:

1) Try to dump the 9.6.15 database with the 9.6.5 pg_dump using -Fc

2) Dump the 9.6.15 database using the 9.6.15 dump but output as plain text file (-Fp). To restore the file you will need to use psql not pg_restore. See examples at bottom of here:
https://www.postgresql.org/docs/11/app-pgdump.html

3) Upgrade your 9.6.5 instance to 9.6.15. This is going to need more information though:
a) How are you installing Postgres?
b) How big is the database and is it in production?

> I searched solutions, and I found that I can apply a patch CVE-2018-1058, but I don't know how.
> How to download, and install, I don't find documents about it.
>
> The reason why you can't upgrade the 9.6.5 to 9.6.15? I don't know how.

--
Adrian Klaver
adrian.klaver@aklaver.com
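The "unsupported version (1.13) in file header" error discussed in the message above comes from the archive-format version stored in the first bytes of a custom-format (-Fc) dump. As an added example (not part of the original thread), the following shell functions read that header before a restore is attempted. They assume the layout of a 5-byte magic PGDMP followed by one byte each for major, minor and revision; the function names, the constructed sample file and the 1.12 limit in the usage comment are illustrative assumptions.

```shell
#!/usr/bin/env bash
# Added example: inspect the header of a pg_dump custom-format (-Fc) archive.
# Assumed layout: bytes 0-4 = "PGDMP", byte 5 = major, byte 6 = minor,
# byte 7 = revision of the archive format.

# Print "major.minor.rev" for the archive, or fail if it is not a -Fc dump.
archive_version() {
    local file=$1 magic bytes
    magic=$(head -c 5 < "$file" 2>/dev/null) || return 2
    if [ "$magic" != "PGDMP" ]; then
        echo "not a custom-format archive (plain-text or directory dump?)" >&2
        return 2
    fi
    # od prints the three version bytes as unsigned decimal numbers.
    bytes=$(od -An -tu1 -j5 -N3 < "$file") || return 2
    set -- $bytes
    [ $# -eq 3 ] || { echo "truncated header" >&2; return 2; }
    echo "$1.$2.$3"
}

# Succeed if the archive version is not newer than the highest version
# (given as major.minor) that the pg_restore in use accepts.
# The caller supplies that limit; it is not looked up anywhere.
restorable_with() {
    local file=$1 max=$2 ver maj min
    ver=$(archive_version "$file") || return 2
    maj=${ver%%.*}
    min=${ver#*.}
    min=${min%%.*}
    if [ "$maj" -lt "${max%%.*}" ]; then
        return 0
    fi
    if [ "$maj" -eq "${max%%.*}" ] && [ "$min" -le "${max#*.}" ]; then
        return 0
    fi
    echo "archive is $ver, restore tool accepts up to $max:" \
         "use a newer pg_restore or a plain-text (-Fp) dump" >&2
    return 1
}

# Constructed sample: only a header claiming archive version 1.13.0, the
# version named in the error message from the thread (not a real dump).
make_sample() {
    printf 'PGDMP\001\015\000' > "$1"
}

# Usage (1.12 is an assumed limit for the older pg_restore):
#   restorable_with param.dump 1.12 || echo "restore from the newer host instead"
```

Running the check on the host that holds the dump shows whether the file has to be restored with the newer client, as in options 2 and 4 of the thread, before any data is touched on the target.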
On 10/16/19 1:05 PM, Lizeth Solis Aramayo wrote:
> What commands did you use to dump the 9.6.15 version and restore to the
> 9.6.5 version?
>
> pg_dump -p 5433 -U postgres -Fc -d dbkerp -n param > param.dump
> And
> pg_restore -p 5432 -U postgres -d dbkerp param.dump
>
> Server with pg_dump is Linux red hat 7.6
>
> Server with pg_restore is linux red hat 6.5
>
> In both servers I have postgresql 9.6, but in pg_dump is 9.6.15, and in pg_restore is 9.6.5.
>
> The pg_dump is correct, everything goes ok., but when I do the pg_restore I got an error: pg_restore: [archiver] unsupported version (1.13) in file header

Forgot a fourth option:

4) Use the 9.6.15 pg_restore to restore the 9.6.15 pg_dump to the 9.6.5 database.

--
Adrian Klaver
adrian.klaver@aklaver.com
> Forgot a fourth option:
>
> 4) Use the 9.6.15 pg_restore to restore the 9.6.15 pg_dump to the 9.6.5 database.

I don't know how to do that. May you help me please

Is it just copy the pg_restore from one server to another?
On 10/17/19 6:46 AM, Lizeth Solis Aramayo wrote:
> Forgot a fourth option:
>
> 4) Use the 9.6.15 pg_restore to restore the 9.6.15 pg_dump to the 9.6.5 database.
>
> I don't know how to do that. May you help me please
>
> Is it just copy the pg_restore from one server to another?

It would be easier to just run the 9.6.15 version on the 9.6.15 machine against the 9.6.5 database, so:

pg_restore -h <9.6.5 hostname or IP> -p 5432 ...

Of course, how fast this runs would depend where the machines are relative to each other on the network.

You could try copying the program, just not sure how compatible RH 6.5 and RH 7.6 are with each other.

Your best bet would be to upgrade the 9.6.5 --> 9.6.15. There have been a lot of bug fixes in between.

--
Adrian Klaver
adrian.klaver@aklaver.com
Thanks a lot. It worked!

I will have to upgrade the 9.6.5 later. It will take me more time.

Thank you again.