sabuntawar gyara ga duk rassan PostgreSQL masu tallafi: , , , и , wanda ya ƙunshi wani yanki na gyaran kwaro. Sakin sabuntawa don reshe 9.4 har zuwa Disamba 2019, 9.5 har zuwa Janairu 2021, 9.6 har zuwa Satumba 2021, 10 har zuwa Oktoba 2022, 11 har zuwa Nuwamba 2023.
Sabbin sigogin suna gyara kwari sama da 60 kuma suna kawar da lahani huɗu:
- Lalaci guda biyu (CVE-2019-10127, CVE-2019-10128) sun keɓanta ga dandamali na Windows kuma suna bayyana a cikin masu sakawa daga EnterpriseDB da BigSQL, waɗanda ba su saita haƙƙin samun dama ga bayanan bayanan ba, wanda ya ba kowane mai amfani da Windows mara gata damar farawa. kisa code akan matakin sabis na PostgreSQL.
- Rashin lahani na CVE-2019-10129 yana bayyana a cikin PostgreSQL 11 kuma yana bawa mai amfani damar karanta wuraren ƙwaƙwalwar ajiya na sabani na tsarin sabar ta hanyar aika buƙatun INSERT na musamman zuwa tebur da aka raba.
- Rashin lahani CVE-2019-10130 yana ba ku damar karanta ƙimar bayanan waɗanda aka iyakance damar shiga.
Kafaffen kwari sun haɗa da cin hanci da rashawa lokacin aiwatar da "ALTER TABLE" akan tebur da aka raba, ɓarnar uwar garken lokacin da kuskure ya faru lokacin ƙoƙarin adana siginan kwamfuta tsakanin ma'amala, matsalolin aiki lokacin jujjuya ma'amaloli da suka haɗa da adadi mai yawa na tebur, rashin tallafi ga "KIRKIYAR TEBULI IDAN A'A" magana tana wanzu .. AS EXECUTE .. ", ƙwaƙwalwar ajiyar ƙwaƙwalwa
source: budenet.ru