Corrective updates have been released for all supported PostgreSQL branches: 16.4, 15.8, 14.13, 13.16 and 12.20. They fix 56 bugs identified over the past three months. Among other changes, the new versions eliminate a vulnerability (CVE-2024-7348) that is rated as dangerous (severity 8.8 out of 10). The vulnerability is caused by a race condition in the pg_dump utility. It allows an attacker who is able to create and drop persistent objects in the DBMS to execute arbitrary SQL code with the privileges of the user running pg_dump (pg_dump is usually run with superuser privileges to back up the DBMS).
A successful attack requires tracking the moment at which the pg_dump utility starts, which is easily achieved by manipulating an open transaction. The attack comes down to replacing a sequence with a view or a foreign table that defines SQL code to be run while pg_dump is executing, at the point where information about the existence of the sequence has already been obtained but the data has not yet been dumped. To block the vulnerability, the setting "restrict_nonsystem_relation_kind" has been added, which prohibits the expansion of non-system views and access to foreign tables in pg_dump.
Source: opennet.ru
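The following Python check is an added example, not part of the original article: it compares server versions reported by `SHOW server_version` or `SHOW server_version_num` against the fixed releases listed above. The host names and version strings in the sample inventory are constructed.

```python
import re

# Fixed minor release for each supported branch, taken from the announcement above.
FIXED_MINOR = {16: 4, 15: 8, 14: 13, 13: 16, 12: 20}


def parse_version(raw):
    """Return (major, minor) from a server_version_num value such as "160003"
    or a server_version string such as "16.3 (Debian 16.3-1.pgdg120+1)".
    Returns None when the input matches neither form."""
    raw = raw.strip()
    if re.fullmatch(r"\d{5,6}", raw):
        num = int(raw)
        return num // 10000, num % 10000
    match = re.match(r"(\d+)\.(\d+)", raw)
    if match:
        return int(match.group(1)), int(match.group(2))
    return None


def classify(raw):
    """Compare one reported version against the fixed release of its branch."""
    parsed = parse_version(raw)
    if parsed is None:
        return "unparseable"
    major, minor = parsed
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        return "not-listed"  # branch is not among those named in the announcement
    return "patched" if minor >= fixed else "needs-update"


def audit(inventory):
    """Map each host name to the status of its reported version."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "db-a.example": "160003",
    "db-b.example": "15.8 (Debian 15.8-1.pgdg120+1)",
    "db-c.example": "12.20",
    "db-d.example": "14.12",
    "db-e.example": "11.22",
    "db-f.example": "17beta2",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```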
