PostgreSQL update with fixed vulnerabilities. Odyssey Connection Balancer 1.2 Released

Corrective updates have been produced for all supported PostgreSQL branches: 14.1, 13.5, 12.9, 11.14, 10.19 and 9.6.24. Release 9.6.24 will be the last update for the 9.6 branch, which has been discontinued. Updates for branch 10 will be produced until November 2022, for 11 until November 2023, for 12 until November 2024, for 13 until November 2025, and for 14 until November 2026.

The new versions provide more than 40 fixes and address two vulnerabilities (CVE-2021-23214, CVE-2021-23222) in the server process and in the libpq client library. These vulnerabilities allow an attacker to inject data into an encrypted communication channel through a man-in-the-middle (MITM) attack. The attack does not require a valid SSL certificate and can be used against systems that require client authentication with a certificate. On the server side, the attack allows an SQL query to be substituted while the client's encrypted connection to the PostgreSQL server is being established. On the libpq side, the vulnerability allows an attacker to return a forged server response to the client. Combined, these vulnerabilities allow extraction of the password or other confidential client data transmitted early in the connection.

In addition, Yandex has released a new version of its Odyssey proxy server, 1.2, designed to maintain a pool of open connections to the PostgreSQL DBMS and to organize request routing. Odyssey supports running multiple worker processes with multi-threaded handlers, routing to the server when a client reconnects, and the ability to bind connections to users and databases. The code is written in C and distributed under the BSD license.

The new Odyssey release adds protection against substitution of a data block after SSL session negotiation (this makes it possible to block attacks that use the above-mentioned vulnerabilities CVE-2021-23214 and CVE-2021-23222). Support for PAM and LDAP has been implemented. Integration with the Prometheus monitoring system has been added. The calculation of statistics parameters has been improved to account for transaction and query execution times.
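The check behind this kind of protection, as an added example that is not code from PostgreSQL, libpq or Odyssey: once SSL has been requested and accepted, any bytes already sitting in the read buffer arrived in cleartext and must cause the connection to be dropped before the TLS handshake starts. The function names, verdict values and sample buffers are assumptions made for illustration, and the 'E' reply of very old servers is simply treated as malformed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SSL_REQUEST_CODE 80877103u /* PostgreSQL SSLRequest: (1234 << 16) | 5679 */

enum verdict { NEED_MORE, START_TLS, NO_TLS, REJECT_MALFORMED, REJECT_EXTRA_DATA };

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Server or proxy side: buf is everything read from the client socket so far. */
enum verdict check_ssl_request(const unsigned char *buf, size_t len) {
    if (len < 8) return NEED_MORE;
    if (be32(buf) != 8 || be32(buf + 4) != SSL_REQUEST_CODE) return REJECT_MALFORMED;
    /* Bytes after the 8-byte SSLRequest arrived in cleartext. Keeping them in
       the read buffer would let them be parsed later as if sent over TLS. */
    return len > 8 ? REJECT_EXTRA_DATA : START_TLS;
}

/* Client side: buf is everything read in reply to SSLRequest. */
enum verdict check_ssl_response(const unsigned char *buf, size_t len) {
    if (len < 1) return NEED_MORE;
    if (buf[0] == 'N') return NO_TLS; /* caller applies its own sslmode policy */
    if (buf[0] != 'S') return REJECT_MALFORMED;
    /* After 'S' the server must stay silent until the TLS ClientHello. */
    return len > 1 ? REJECT_EXTRA_DATA : START_TLS;
}

/* Constructed sample buffers (not captured traffic). */
static const unsigned char clean_request[] = {0, 0, 0, 8, 0x04, 0xD2, 0x16, 0x2F};
static const unsigned char stuffed_request[] = {0, 0, 0, 8, 0x04, 0xD2, 0x16, 0x2F, 'x', 'y', 'z'};
static const unsigned char clean_reply[] = {'S'};
static const unsigned char stuffed_reply[] = {'S', 'x', 'y', 'z'};

int main(void) {
    printf("clean request:   %d\n", (int)check_ssl_request(clean_request, sizeof clean_request));
    printf("stuffed request: %d\n", (int)check_ssl_request(stuffed_request, sizeof stuffed_request));
    printf("clean reply:     %d\n", (int)check_ssl_response(clean_reply, sizeof clean_reply));
    printf("stuffed reply:   %d\n", (int)check_ssl_response(stuffed_reply, sizeof stuffed_reply));
    return 0;
}
```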

Source: opennet.ru
