Varonis Warns of Bug Discovered in PostgreSQL PL/Perl
Several versions of PostgreSQL are impacted, and customers will need to upgrade in order to patch.
PostgreSQL is an open-source relational database whose deployments can be affected by security flaws, unsafe configuration, and vulnerable extensions.
Search across headline titles and summaries.
Background for this topic.
PostgreSQL is an open-source object-relational database system used to store and query structured data, while supporting transactions, complex SQL, and programmable extensions. Its security model includes database roles, granular privileges, authentication rules, encrypted client connections, and configurable logging. Administrators must still configure these controls correctly: PostgreSQL does not make an exposed server, excessive privileges, or weak credentials safe by default.
Security coverage for PostgreSQL commonly focuses on restricting network access, reviewing pg_hba.conf authentication rules, enforcing least privilege, and preventing application-layer SQL injection through parameterized queries. Extensions and procedural code expand the attack surface, particularly when run with elevated privileges. Vulnerability management includes tracking PostgreSQL security advisories, applying supported-version updates, and assessing extensions separately. Logs can support detection and investigations, but should be protected because queries and connection details may contain sensitive information; retention and access controls may also affect privacy and regulatory obligations.
Weekly headline count for the current query.
Several versions of PostgreSQL are impacted, and customers will need to upgrade in order to patch.
The cryptomining malware, which typically targets Linux, is exploiting weaknesses in an open source container tool for initial access to cloud environments.
Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.