Home > mailing lists

Clarification on CVE-2024-10979 and PostgreSQL Upgrade Necessity Without PL/Perl Usage - Mailing list pgsql-general

From	Subhash Udata
Subject	Clarification on CVE-2024-10979 and PostgreSQL Upgrade Necessity Without PL/Perl Usage
Date	November 20 14:54:36
Msg-id	CAD=40Z1KMXsExhee44Kkce7Lr2xTJ2q34-Af8zwU5BvR47zh6w@mail.gmail.com Whole thread Raw
Responses	Re: Clarification on CVE-2024-10979 and PostgreSQL Upgrade Necessity Without PL/Perl Usage
List	pgsql-general

Dear PostgreSQL Community,

I have a query related to the recent security vulnerability, CVE-2024-10979, concerning the PL/Perl extension.

From the advisory, it appears the vulnerability impacts systems utilizing the PL/Perl extension. My question is:

If we do not use the PL/Perl extension in our PostgreSQL instance, is it still necessary to upgrade to the patched version of PostgreSQL? Or can we safely continue using our current version without concern?

We would like to understand whether this vulnerability has any implications for environments where the PL/Perl extension is not installed or used.

Thank you so much for your guidance on this.

Best regards,

Subhash Udata

From: 張宸瑋
Date: 20 November, 12:44:04
Subject: Re: Re : Credcheck extension

From: jian he
Date: 20 November, 15:45:39
Subject: Re: Validating check constraints without a table scan?