
Re: Clarification on CVE-2024-10979 and PostgreSQL Upgrade Necessity Without PL/Perl Usage


 



On 11/20/24 00:54, Subhash Udata wrote:
> Dear PostgreSQL Community,
>
> I have a query related to the recent security vulnerability, *CVE-2024-10979*, concerning the PL/Perl extension.
>
> From the advisory, it appears the vulnerability impacts systems utilizing the PL/Perl extension. My question is:
>
>   * If we do not use the PL/Perl extension in our PostgreSQL instance,
>     is it still necessary to upgrade to the patched version of
>     PostgreSQL? Or can we safely continue using our current version
>     without concern?

Yes, you should upgrade.

See the rest of the issues fixed:

https://www.postgresql.org/about/news/postgresql-171-165-159-1414-1317-and-1221-released-2955/

It has further CVEs.

Though I would wait until the out-of-cycle release that lands tomorrow (2024-11-21) is out, see:

https://www.postgresql.org/about/news/out-of-cycle-release-scheduled-for-november-21-2024-2958/

As it fixes some regressions in the previous release.



> We would like to understand whether this vulnerability has any implications for environments where the PL/Perl extension is not installed or used.
>
> Thank you so much for your guidance on this.
>
> Best regards,
>
> Subhash Udata


--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx





