Search Postgresql Archives

Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday, November 21, 2024, Subhash Udata <subhashudata@xxxxxxxxx> wrote:

Currently, my environment is running PostgreSQL 15.0. I understand that version 15.9 contains the fix for CVE-2024-10979, as mentioned in the release notes.

Given that I am not using the PL/Perl extension in my environment


IIUC, any user that can execute “create extension plperl” in a database they are connected to (or, it having been installed, users that have been granted usage on the language) can exploit this vulnerability.  Whether that is possible in your environment is something you’d need to determine.

I believe this particular detail probably should have been part of the release announcement but was not.

In any case if you aren’t willing to update consistently you really shouldn’t be deploying .0 releases.

David J.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux