PostgreSQL update with vulnerabilities fixed

Corrective updates have been released for all supported PostgreSQL branches: 13.3, 12.7, 11.12, 10.17, and 9.6.22. Updates for the 9.6 branch will be produced until November 2021, 10 until November 2022, 11 until November 2023, 12 until November 2024, and 13 until November 2025. The new releases fix three vulnerabilities and accumulated bugs.

The CVE-2021-32027 vulnerability can lead to an out-of-bounds write because of an integer overflow when calculating array indices. By manipulating array values in SQL queries, an attacker who is able to execute SQL queries can write arbitrary data to an arbitrary region of the process memory and execute their code with the privileges of the DBMS server. The other two issues (CVE-2021-32028, CVE-2021-32029) lead to leakage of process memory when handling "INSERT ... ON CONFLICT ... DO UPDATE" and "UPDATE ... RETURNING" queries.
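The bug class behind CVE-2021-32027, shown as an added example that is not PostgreSQL source code: a bounds calculation that wraps in 32 bits next to a hardened version that rejects the same input. The `ArrDim` type and all function names are hypothetical, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not PostgreSQL source: a one-dimensional array whose
 * first subscript (lower) is chosen by the caller, as SQL arrays allow. */
typedef struct { int32_t lower; int32_t length; } ArrDim;

/* Reduce to 32 bits the way int32 arithmetic wraps on common hardware,
 * without relying on undefined signed overflow. */
static int32_t wrap32(int64_t v)
{
    uint32_t u = (uint32_t)v;
    return u <= INT32_MAX ? (int32_t)u : (int32_t)((int64_t)u - 4294967296LL);
}

/* Unsafe pattern: element count after assigning at subscript s,
 * with every intermediate result truncated to 32 bits. */
static int32_t grown_length_unchecked(ArrDim d, int32_t s)
{
    int32_t upper = wrap32((int64_t)d.lower + d.length - 1);
    int32_t lo = s < d.lower ? s : d.lower;
    int32_t hi = s > upper ? s : upper;
    return wrap32((int64_t)hi - lo + 1);
}

/* Hardened pattern: do the math in 64 bits and reject anything that does
 * not fit in int32 before it can size or index a buffer. */
static bool grown_length_checked(ArrDim d, int32_t s, int32_t *out)
{
    int64_t upper = (int64_t)d.lower + d.length - 1;
    if (d.length < 1 || upper > INT32_MAX)
        return false;                      /* existing bounds are invalid */
    int64_t lo = s < d.lower ? s : d.lower;
    int64_t hi = s > upper ? s : upper;
    if (hi - lo + 1 > INT32_MAX)
        return false;                      /* grown array would overflow */
    *out = (int32_t)(hi - lo + 1);
    return true;
}

int main(void)
{
    ArrDim d = { -10, 3 };                 /* constructed sample input */
    int32_t n = 0;
    printf("unchecked: %d\n", (int)grown_length_unchecked(d, INT32_MAX));
    printf("checked ok: %d\n", grown_length_checked(d, INT32_MAX, &n));
    return 0;
}
```

A negative or too-small length produced by the unchecked version is the kind of value that, once used to size or index a buffer, becomes an out-of-bounds write; the checked version fails the operation instead.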

Among the non-security fixes, the following can be highlighted:

  • Fixed incorrect calculations when executing "UPDATE ... RETURNING" to update joined partitioned tables.
  • Fixed a failure of the ALTER TABLE ... ALTER CONSTRAINT command when foreign key constraints exist in combination with partitioned tables.
  • The "COMMIT AND CHAIN" functionality has been improved.
  • For new FreeBSD releases, wal_sync_method is now set to fdatasync mode by default.
  • The vacuum_cleanup_index_scale_factor parameter is disabled by default.
  • Fixed memory leaks that occurred when establishing TLS connections.
  • pg_upgrade now includes additional checks of user tables for data types that cannot be upgraded.

Source: opennet.ru
