PostgreSQL update fixes vulnerabilities. Odyssey connection balancer 1.2 released

Corrective updates have been released for all supported PostgreSQL branches: 14.1, 13.5, 12.9, 11.14, 10.19 and 9.6.24. Release 9.6.24 will be the last update for the 9.6 branch, which has been discontinued. Updates for branch 10 will be released until November 2022, for 11 until November 2023, for 12 until November 2024, for 13 until November 2025, and for 14 until November 2026.

The new versions provide more than 40 fixes and eliminate two vulnerabilities (CVE-2021-23214, CVE-2021-23222) in the server process and the libpq client library. The vulnerabilities allow an attacker to wedge into an encrypted communication channel through a MITM attack. The attack does not require a valid SSL certificate and can be carried out against systems that require client authentication using a certificate. On the server side, the attack allows the attacker to substitute their own SQL query while an encrypted connection from a client to the PostgreSQL server is being established. In the case of libpq, the vulnerability allows an attacker to return a bogus server response to the client. In combination, the vulnerabilities allow information about the client's password or other sensitive data transmitted at the start of the connection to be extracted.

In addition, Yandex has published a new version of the Odyssey proxy server, 1.2, designed to maintain a pool of open connections to the PostgreSQL DBMS and to organize query routing. Odyssey supports running multiple worker processes with multi-threaded handlers, routing to the same server when a client reconnects, and binding connection pools to users and databases. The code is written in C and distributed under the BSD license.

The new version of Odyssey adds protection against data substitution while an SSL session is being negotiated (which blocks attacks that use the vulnerabilities CVE-2021-23214 and CVE-2021-23222 mentioned above). Support for PAM and LDAP has been implemented. Integration with the Prometheus monitoring system has been added. The calculation of statistics has been improved to account for transaction time and query execution time.
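One way to implement the kind of check described above, as an added example rather than code from PostgreSQL or Odyssey: before the TLS handshake starts, the connection is refused if any cleartext bytes are buffered behind the SSLRequest packet. The function and enum names are hypothetical and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* PostgreSQL SSLRequest: Int32 length (8), then Int32 code 80877103. */
#define SSL_REQUEST_LEN  8u
#define SSL_REQUEST_CODE 80877103u            /* (1234 << 16) | 5679 */

enum ssl_check {             /* hypothetical names, for this example only */
    SSL_NEED_MORE,           /* fewer than 8 bytes buffered so far */
    SSL_NOT_REQUESTED,       /* first packet is not an SSLRequest */
    SSL_START_HANDSHAKE,     /* one SSLRequest and nothing behind it */
    SSL_REJECT_EXTRA_DATA    /* cleartext bytes follow the SSLRequest */
};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* buf/len: every byte read from the socket before TLS processing starts. */
enum ssl_check check_ssl_request(const unsigned char *buf, size_t len)
{
    if (len < SSL_REQUEST_LEN)
        return SSL_NEED_MORE;
    if (be32(buf) != SSL_REQUEST_LEN || be32(buf + 4) != SSL_REQUEST_CODE)
        return SSL_NOT_REQUESTED;
    /* Leftover bytes arrived unencrypted; if they stayed in the buffer they
     * would be parsed after the handshake as part of the protected session. */
    if (len > SSL_REQUEST_LEN)
        return SSL_REJECT_EXTRA_DATA;
    return SSL_START_HANDSHAKE;
}

/* Constructed sample inputs (not captured traffic). */
static const unsigned char clean_req[] = {0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f};
static const unsigned char stuffed_req[] = {0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f,
                                            'S', 0, 0, 0, 4};
static const unsigned char plain_startup[] = {0, 0, 0, 9, 0, 3, 0, 0, 0};

int main(void)
{
    printf("clean=%d stuffed=%d plain=%d\n",
           (int)check_ssl_request(clean_req, sizeof clean_req),
           (int)check_ssl_request(stuffed_req, sizeof stuffed_req),
           (int)check_ssl_request(plain_startup, sizeof plain_startup));
    return 0;
}
```

The same rule applies on the client side: after the server's one-byte answer to the SSLRequest, any further buffered cleartext is grounds to drop the connection.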

Source: opennet.ru
