PostgreSQL update with vulnerability fixes

Corrective updates have been released for all supported PostgreSQL branches: 13.3, 12.7, 11.12, 10.17 and 9.6.22. Updates for branch 9.6 will be provided until November 2021, 10 until November 2022, 11 until November 2023, 12 until November 2024, and 13 until November 2025. The new releases eliminate three vulnerabilities and fix accumulated bugs.

The vulnerability CVE-2021-32027 can lead to an out-of-bounds buffer write due to an integer overflow when calculating array sizes. By manipulating array values in SQL queries, an attacker with the ability to execute SQL queries can write arbitrary data to an adjacent area of process memory and achieve execution of their own code with the privileges of the DBMS server. Two other vulnerabilities (CVE-2021-32028, CVE-2021-32029) lead to leaks of process memory contents when handling "INSERT ... ON CONFLICT ... DO UPDATE" and "UPDATE ... RETURNING" queries.
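As an added illustration of the defect class named above (an integer overflow while computing array bounds and sizes), not PostgreSQL's own code and not the exact code path of CVE-2021-32027: a checked bound-and-size computation that rejects any wrap, next to an unchecked variant showing the wrapped element count a caller would then allocate for. The descriptor layout (ndim, dims, lbound, MAXDIM) is assumed, and the overflow builtins are GCC/Clang extensions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAXDIM 6  /* assumed dimension limit for this illustration */

/* Validated size of an array: element count and bytes for the data area. */
typedef struct {
    int    nitems;
    size_t nbytes;
} ArraySize;

/* Hardened form: every add/multiply that yields a bound or a size is tested
 * with the GCC/Clang overflow builtins; any wrap rejects the array. */
bool array_size_checked(int ndim, const int *dims, const int *lbound,
                        int elemsize, ArraySize *out)
{
    if (ndim < 0 || ndim > MAXDIM || elemsize <= 0)
        return false;
    int nitems = 1;
    for (int i = 0; i < ndim; i++) {
        int upper;
        if (dims[i] < 0)
            return false;                 /* negative dimension */
        /* upper bound = lbound + dim - 1 must itself fit in an int */
        if (__builtin_add_overflow(lbound[i], dims[i] - 1, &upper))
            return false;
        (void) upper;
        if (__builtin_mul_overflow(nitems, dims[i], &nitems))
            return false;                 /* element count would wrap */
    }
    size_t nbytes;
    if (__builtin_mul_overflow((size_t) nitems, (size_t) elemsize, &nbytes))
        return false;                     /* byte size would wrap */
    out->nitems = nitems;
    out->nbytes = nbytes;
    return true;
}

/* Unchecked form, kept only to show the failure mode: the count is computed
 * with 32-bit wraparound, so a caller sizing its buffer from it allocates far
 * less than the elements it then writes, i.e. an out-of-bounds write. */
int array_nitems_unchecked(int ndim, const int *dims)
{
    uint32_t n = 1;                       /* unsigned so the wrap is defined */
    for (int i = 0; i < ndim; i++)
        n *= (uint32_t) dims[i];
    return (int) n;
}
```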

Non-security fixes include:

  • Fixed an incorrect calculation when executing "UPDATE ... RETURNING" to update joined elements.
  • Fixed a failure of the "ALTER TABLE ... ALTER CONSTRAINT" command when foreign keys are attached to partitioned tables.
  • Improved the handling of "COMMIT AND CHAIN".
  • For new FreeBSD releases, fdatasync is now the default wal_sync_method.
  • The vacuum_cleanup_index_scale_factor parameter is disabled by default.
  • Fixed memory leaks that occurred when initiating TLS connections.
  • Added additional checks to pg_upgrade for the presence of data types in user tables that cannot be upgraded.

source: budenet.ru
