Is /opt/wily/PostgreSQL-9.6.2/lib/libcurl.so.4.4.0 vulnerable to CVE-2023-38546? Will Postgres still work if we zip that file?
A security scan flagged this file as vulnerable to Nessus Plugin 182873 libcurl 7.9.1 < 8.4.0 Cookie Injection CVE-2023-38546. Using CA Wily Introscope 10.8.0.39 (Build 990301) on RHEL 7.9.
You will have to test this out. But it should not be needed per below.
Engineering believes that Postgres should fine without the libcurl.so file. That file is only used by ./stackbuilder/bin/stackbuilder executable and is a tool to customize the PostgreSQL instance which is not something you would be typically doing as a user.