Clarification on CVE-2024-10979 and PostgreSQL Upgrade Necessity Without PL/Perl Usage

From: Subhash Udata <subhashudata(at)gmail(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Clarification on CVE-2024-10979 and PostgreSQL Upgrade Necessity Without PL/Perl Usage
Date: 2024-11-20 08:54:36
Message-ID: CAD=40Z1KMXsExhee44Kkce7Lr2xTJ2q34-Af8zwU5BvR47zh6w@mail.gmail.com
Lists: pgsql-general

Dear PostgreSQL Community,

I have a query related to the recent security vulnerability,
*CVE-2024-10979*, concerning the PL/Perl extension.

From the advisory, it appears the vulnerability impacts systems utilizing
the PL/Perl extension. My question is:

- If we do not use the PL/Perl extension in our PostgreSQL instance, is
it still necessary to upgrade to the patched version of PostgreSQL? Or can
we safely continue using our current version without concern?

We would like to understand whether this vulnerability has any implications
for environments where the PL/Perl extension is not installed or used.

Thank you so much for your guidance on this.

Best regards,

Subhash Udata
