PostgreSQL update fixes vulnerabilities

Corrective updates have been released for all supported PostgreSQL branches: 13.3, 12.7, 11.12, 10.17 and 9.6.22. Updates for the 9.6 branch will be produced until November 2021, for 10 until November 2022, for 11 until November 2023, for 12 until November 2024 and for 13 until November 2025. The new releases eliminate three vulnerabilities and fix accumulated bugs.

Vulnerability CVE-2021-32027 can lead to an out-of-bounds buffer write caused by an integer overflow during array index calculation. By manipulating arrays in SQL queries, an attacker who is able to execute SQL queries can write arbitrary data to an arbitrary area of process memory and execute their own code with the privileges of the DBMS server. Two further vulnerabilities (CVE-2021-32028, CVE-2021-32029) lead to leaks of process memory contents when manipulating "INSERT ... ON CONFLICT ... DO UPDATE" and "UPDATE ... RETURNING" queries.
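A defender's first question on reading this is which of their servers already run a fixed release. The following Python snippet is an added example (not code from the article or from the PostgreSQL project): it maps a `server_version` string to the first fixed release the article lists for each branch and flags hosts that still need the update. The inventory lines it runs over are constructed for the example.

```python
"""Classify PostgreSQL server_version strings against the first releases
that carry the fixes for CVE-2021-32027, CVE-2021-32028 and CVE-2021-32029.

Added example; the fixed versions are those named in the article."""
import re

# First fixed release per supported branch, as listed in the article.
# Branches before 10 are identified by two numbers (9.6), later ones by one.
FIXED_VERSIONS = {
    (13,): (13, 3),
    (12,): (12, 7),
    (11,): (11, 12),
    (10,): (10, 17),
    (9, 6): (9, 6, 22),
}


def parse_server_version(text):
    """Turn a server_version value such as '12.6' or
    '9.6.20 (Ubuntu 9.6.20-1)' into a tuple of ints.

    Only the leading dotted numeric part is used; packaging suffixes and
    'beta'/'devel' tags are ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError("unrecognised server_version: %r" % (text,))
    return tuple(int(p) for p in m.group(1).split("."))


def branch_of(version):
    """Return the release branch a version belongs to."""
    return version[:2] if version[0] < 10 else version[:1]


def assess(server_version):
    """Return (status, detail) for one server_version string.

    status is 'patched', 'vulnerable' or 'unsupported' (a branch that the
    May 2021 updates do not cover, e.g. 9.5 or older)."""
    v = parse_server_version(server_version)
    branch = branch_of(v)
    fixed = FIXED_VERSIONS.get(branch)
    dotted = ".".join(map(str, v))
    if fixed is None:
        return ("unsupported",
                "%s: branch not covered by these updates; move to a supported branch" % dotted)
    fixed_dotted = ".".join(map(str, fixed))
    if v >= fixed:
        return "patched", "%s: at or above %s" % (dotted, fixed_dotted)
    return "vulnerable", "%s: below %s, update required" % (dotted, fixed_dotted)


def triage_inventory(lines):
    """Run assess() over inventory lines of the form
    'host=<name> server_version=<value>' and return {host: status}."""
    result = {}
    for line in lines:
        m = re.match(r"host=(\S+)\s+server_version=(.+)$", line.strip())
        if not m:
            continue  # skip lines that do not carry a host/version pair
        host, ver = m.group(1), m.group(2)
        result[host] = assess(ver)[0]
    return result


# Constructed sample inventory (not real hosts or observed data).
SAMPLE_INVENTORY = [
    "host=db-prod-1 server_version=13.3",
    "host=db-prod-2 server_version=12.6",
    "host=db-legacy server_version=9.6.22 (Ubuntu 9.6.22-1.pgdg20.04+1)",
    "host=db-archive server_version=9.5.25",
]

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print("%-12s %s" % (host, status))
```

On a live fleet the `server_version` value would come from `SHOW server_version;` on each host; the classifier itself is independent of how that string is collected.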

Non-security fixes include:

  • Eliminated incorrect calculations when executing "UPDATE ... RETURNING" to update joined partitioned tables.
  • Fixed a failure of the "ALTER TABLE ... ALTER CONSTRAINT" command when foreign key constraints are combined with partitioned tables.
  • Improved handling of "COMMIT AND CHAIN".
  • On newer FreeBSD releases, the fdatasync mode is now set for wal_sync_method by default.
  • The vacuum_cleanup_index_scale_factor parameter is disabled by default.
  • Fixed a memory leak that occurred when initiating a TLS connection.
  • Added extra checks to pg_upgrade for the presence of data types in user tables that cannot be upgraded.

Source: opennet.ru
