PostgreSQL updates with vulnerability fixes. Odyssey 1.2 connection balancer released

Corrective updates have been published for all supported PostgreSQL branches: 14.1, 13.5, 12.9, 11.14, 10.19 and 9.6.24. Release 9.6.24 is the final update for the 9.6 branch, which is now end-of-life. Updates for branch 10 will be produced until November 2022, for 11 until November 2023, for 12 until November 2024, for 13 until November 2025, and for 14 until November 2026.

The new versions ship more than 40 fixes and close two vulnerabilities (CVE-2021-23214, CVE-2021-23222) in the server and in the libpq client library. The flaws allow an attacker to intrude into an encrypted communication channel by means of a MITM attack. The attack does not require a valid SSL certificate and can be carried out against systems that require client authentication with certificates. On the server side, the flaw allows a substituted SQL query to be slipped in while the encrypted connection from the client to the PostgreSQL server is being established. On the libpq side, the flaw allows an attacker to return a forged server response to the client. Combined, the two vulnerabilities make it possible to leak the client's password or other confidential data transmitted at the start of the connection.

In addition, Yandex has published a new version of the Odyssey 1.2 proxy server, designed to keep a pool of open connections to the PostgreSQL DBMS and to route queries. Odyssey supports running multiple worker processes with multiple handlers each, routing a reconnecting client back to the same server, and binding connection pools to users and databases. The code is written in C and distributed under the BSD license.

The new Odyssey release adds protection that blocks data exchange immediately after SSL session negotiation (this allows attacks exploiting the above-mentioned CVE-2021-23214 and CVE-2021-23222 to be blocked). PAM and LDAP support has been implemented. Integration with the Prometheus monitoring system has been added. Statistics collection for accounting transactions and query execution times has been improved.
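The weakness described in the vulnerability paragraph and the countermeasure described for Odyssey come down to one question a server or proxy must answer at startup: did anything other than the 8-byte SSLRequest arrive in plaintext before the TLS handshake began? The following Python model is an added example and is not code from PostgreSQL, Odyssey or the article. It assumes the standard SSLRequest packet of the PostgreSQL frontend/backend protocol (int32 length 8, followed by the code 80877103) and introduces its own names (`negotiate_ssl`, `StartupViolation`, the `strict` flag) to contrast the lenient behaviour that keeps stray plaintext with the strict behaviour that refuses the connection.

```python
"""Model of the startup-phase check that refuses plaintext bytes arriving
together with an SSLRequest. Constructed example, not PostgreSQL/Odyssey code."""
import struct

# SSLRequest as defined by the PostgreSQL wire protocol: a 4-byte length (8)
# followed by the request code 80877103 (1234 in the high 16 bits, 5679 in
# the low 16 bits). These two constants are real protocol values.
SSL_REQUEST_LEN = 8
SSL_REQUEST_CODE = (1234 << 16) | 5679  # == 80877103


class StartupViolation(Exception):
    """Raised when unencrypted bytes show up where only the SSLRequest may be."""


def build_ssl_request() -> bytes:
    """Encode a well-formed SSLRequest (used for the constructed samples)."""
    return struct.pack("!II", SSL_REQUEST_LEN, SSL_REQUEST_CODE)


def is_ssl_request(packet: bytes) -> bool:
    """True if `packet` starts with a syntactically valid SSLRequest."""
    if len(packet) < SSL_REQUEST_LEN:
        return False
    length, code = struct.unpack("!II", packet[:SSL_REQUEST_LEN])
    return length == SSL_REQUEST_LEN and code == SSL_REQUEST_CODE


def negotiate_ssl(buffered: bytes, strict: bool = True) -> tuple[str, bytes]:
    """Decide what to do with everything read from the socket before TLS starts.

    Returns (action, leftover):
      action   'tls'   -> answer 'S' and begin the TLS handshake
               'plain' -> no SSLRequest present; handle as a normal startup
      leftover any bytes that followed the SSLRequest in the same read

    strict=False models the pre-fix behaviour: leftover plaintext is retained
    and would later be consumed as though it were part of the encrypted
    session. strict=True (the hardened behaviour) refuses the connection
    instead, so nothing unauthenticated can precede the protected stream.
    """
    if not is_ssl_request(buffered):
        return "plain", buffered
    leftover = buffered[SSL_REQUEST_LEN:]
    if leftover and strict:
        raise StartupViolation(
            f"{len(leftover)} unencrypted byte(s) received alongside SSLRequest"
        )
    return "tls", leftover


def classify(buffered: bytes) -> str:
    """One-word verdict for a captured pre-handshake read (for logging/tests)."""
    try:
        action, _ = negotiate_ssl(buffered, strict=True)
    except StartupViolation:
        return "reject"
    return action


if __name__ == "__main__":
    clean = build_ssl_request()                     # constructed: honest client
    tainted = clean + b"<plaintext that should not be here>"  # constructed sample
    print("clean  :", negotiate_ssl(clean))          # ('tls', b'')
    print("tainted, lenient:", negotiate_ssl(tainted, strict=False)[0],
          "keeps", len(tainted) - SSL_REQUEST_LEN, "stray bytes")
    print("tainted, strict :", classify(tainted))    # reject
```

The `strict=False` branch is there only to make the difference visible: it shows that a lenient implementation carries the stray bytes across the boundary into the session it is about to protect, which is exactly the window the two CVEs describe. A real server or proxy would keep only the strict path, and the same rule applies on the client side of libpq for bytes trailing the server's single-byte 'S' answer.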

source: budenet.ru
