[pgpool-general: 2733] OpenSSL vulnerability

Tatsuo Ishii ishii at postgresql.org
Tue Apr 8 20:44:42 JST 2014

Hi pgpool-II users,

The OpenSSL vulnerability (http://heartbleed.com/) may affect you if you
are using pgpool-II built with OpenSSL enabled and have turned on "ssl" in
your pgpool.conf.

To check whether your pgpool was built with OpenSSL enabled, you can
use the ldd command:

$ ldd /usr/local/bin/pgpool

	libssl.so.10 => /lib64/libssl.so.10 (0x00007f8ea9d1f000)


As you can see, this pgpool links libssl.so, which is a sign that it uses
OpenSSL. Next, check the installed OpenSSL version:

$ rpm -qa|grep -i openssl

I'm using openssl-1.0.0, which is SAFE (OpenSSL 1.0.1 through 1.0.1f
(inclusive) are vulnerable).

If you have a vulnerable version of OpenSSL, you should immediately
upgrade to a fixed version, or turn off the SSL setting in pgpool.conf:

ssl = off

Best regards,
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
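
The three checks described in the message above (libssl linkage, OpenSSL version range, "ssl" setting), combined into one script. This is an added example, not part of the original post or of pgpool-II; the function names, the accepted boolean spellings, the last-setting-wins rule and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: the three checks from the message above as shell functions.
LC_ALL=C; export LC_ALL

# 0 if ldd output on stdin shows a libssl dependency (built with OpenSSL).
links_libssl() { grep -q 'libssl\.so'; }

# 0 if the version is in the range the message names: 1.0.1 through 1.0.1f.
# Accepts "1.0.1e" or a package name such as "openssl-1.0.1e-1.example".
is_vulnerable_openssl() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*\).*/\1/p')
    case "$v" in
        1.0.1|1.0.1[a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the last uncommented "ssl = ..." line in the given pgpool.conf is on.
# Assumptions: the last setting wins; on/true/yes/1 all mean enabled.
ssl_enabled_in_conf() {
    val=$(sed -n "s/^[[:space:]]*ssl[[:space:]]*=[[:space:]]*'\{0,1\}\([A-Za-z0-9]*\).*/\1/p" "$1" |
          tail -n 1 | tr 'A-Z' 'a-z')
    case "$val" in
        on|true|yes|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Exposed only when all three hold.
# $1 = file with ldd output, $2 = OpenSSL version, $3 = pgpool.conf path
pgpool_exposed() {
    links_libssl < "$1" && is_vulnerable_openssl "$2" && ssl_enabled_in_conf "$3"
}

# Constructed sample input (not from a real host).
demo=$(mktemp -d)
printf '\tlibssl.so.10 => /lib64/libssl.so.10 (0x00007f8ea9d1f000)\n' > "$demo/ldd.out"
printf "#ssl = off\nssl = on\nssl_key = './server.key'\n" > "$demo/pgpool.conf"

for ver in openssl-1.0.0-1.example openssl-1.0.1e-1.example 1.0.1g; do
    if pgpool_exposed "$demo/ldd.out" "$ver" "$demo/pgpool.conf"; then
        echo "$ver: EXPOSED - upgrade OpenSSL or set ssl = off"
    else
        echo "$ver: not exposed by these checks"
    fi
done
rm -rf "$demo"
```

On a real host, feed the functions the output of the ldd and rpm commands shown in the message. Distribution packages can carry a backported fix under an unchanged upstream version string, so a package reporting 1.0.1 through 1.0.1f should be confirmed against the vendor's advisory.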
