PostgreSQL releases security updates, patching a high-severity arbitrary code execution vulnerability
Payment Updates · 2024-11-18

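Last week, the relational database platform PostgreSQL released updates. The most notable fix is for CVE-2024-10979, a high-severity arbitrary code execution vulnerability. In addition, this release patches 3 weaknesses and 35 bugs.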

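On November 14, the development team of the relational database platform PostgreSQL released a series of updates: versions 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21. This round fixes 4 security vulnerabilities and 35 bugs.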

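The most notable is CVE-2024-10979, rated high severity. It is a weakness caused by PL/Perl environment variable changes that gives an attacker the opportunity to execute arbitrary code, with a CVSS score of 8.8 (out of 10).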

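The vulnerability stems from improper control of environment variables in PL/Perl, which lets an unprivileged database user change sensitive process environment variables (such as PATH). The development team further notes that an attacker may be able to execute arbitrary code this way even without having a user account on the database server's operating system.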

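This is the last update that will patch PostgreSQL 12. The development team urges users to plan their upgrades soon and move production databases on this version to a newer, supported release.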
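
A triage sketch for the versions listed above, added here as an example and not taken from the PostgreSQL project: it classifies a server from its `SHOW server_version` output and its installed extension names. The function names, status labels and sample inventory are assumptions made for illustration, and the extension list is assumed to be the union of `pg_extension.extname` across all databases on the server.

```python
import re

# Fixed minor release per major branch, as listed in the article.
FIXED_MINOR = {17: 1, 16: 5, 15: 9, 14: 14, 13: 17, 12: 21}
FINAL_BRANCH = 12  # the article says this is the last update for PostgreSQL 12
PLPERL_EXTENSIONS = {"plperl", "plperlu"}  # trusted and untrusted PL/Perl

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)")


def parse_version(server_version):
    """Return (major, minor) from SHOW server_version output, or None."""
    m = _VERSION_RE.match(server_version)
    if not m:
        return None  # e.g. "17beta1" or an empty string
    return int(m.group(1)), int(m.group(2))


def assess(server_version, extensions):
    """Classify one server for CVE-2024-10979 triage (labels are hypothetical)."""
    parsed = parse_version(server_version)
    if parsed is None or parsed[0] not in FIXED_MINOR:
        return "unknown-branch"  # not among the branches named in the article
    major, minor = parsed
    has_plperl = bool(PLPERL_EXTENSIONS & {e.lower() for e in extensions})
    if minor >= FIXED_MINOR[major]:
        status = "patched"
    elif has_plperl:
        status = "exposed-plperl-installed"  # upgrade first
    else:
        status = "unpatched-no-plperl"  # still missing the other fixes
    if major == FINAL_BRANCH:
        status += "+plan-major-upgrade"
    return status


if __name__ == "__main__":
    # Constructed sample inventory: host -> (server_version, extension names).
    inventory = {
        "db-a": ("16.4 (Debian 16.4-1.pgdg120+1)", ["plpgsql", "plperl"]),
        "db-b": ("17.1", ["plpgsql", "plperl"]),
        "db-c": ("12.20", ["plpgsql"]),
    }
    for host, (version, exts) in inventory.items():
        print(host, assess(version, exts))
```
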
