PostgreSQL updates with vulnerabilities fixed. Odyssey Connection Balancer 1.2 Released

Corrective updates have been published for all supported PostgreSQL branches: 14.1, 13.5, 12.9, 11.14, 10.19 and 9.6.24. The 9.6.24 release will be the last update of the 9.6 branch, which has been discontinued. Updates for branch 10 will be produced until November 2022, for 11 until November 2023, for 12 until November 2024, for 13 until November 2025, and for 14 until November 2026.

The new versions provide more than 40 fixes and eliminate two vulnerabilities (CVE-2021-23214, CVE-2021-23222) in the server process and in the libpq client library. The vulnerabilities allow an attacker to wedge into an encrypted communication channel through a MITM attack. The attack does not require a valid SSL certificate and can be carried out against systems that require client authentication with a certificate. In the server context, the attack allows injecting one's own SQL query while the encrypted connection from the client to the PostgreSQL server is being established. In the libpq context, the vulnerability allows an attacker to return a fake server response to the client. When combined, the vulnerabilities allow the leakage of information about the client's password or other sensitive data transmitted early in the connection.

Additionally, we can note the publication by Yandex of a new version of the Odyssey 1.2 proxy server, designed to maintain a large number of open connections to the PostgreSQL DBMS and to organize query routing. Odyssey supports running multiple worker processes with multithreaded handlers, routing to the same server when a client reconnects, and the ability to combine connection pools for users and databases. The code is written in C and distributed under the BSD license.

The new version of Odyssey adds protection against data substitution after SSL session negotiation (it allows blocking attacks that use the above-mentioned vulnerabilities CVE-2021-23214 and CVE-2021-23222). Support for PAM and LDAP has been implemented. Integration with the Prometheus monitoring system has been added. The calculation of statistical parameters for tracking transaction and query execution times has been improved.
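The two vulnerabilities above and the Odyssey protection that blocks them share one root cause: bytes that arrive in plaintext around the SSLRequest exchange must never be carried over and interpreted as part of the encrypted session. The following is an added illustration of that check and is not code from PostgreSQL, libpq or Odyssey; all function, enum and sample names are ours, the sample buffers are constructed (the trailing 'X' bytes stand in for whatever plaintext a man-in-the-middle might queue), and the SSLRequest layout is the one documented in the PostgreSQL frontend/backend protocol (4-byte length 8, 4-byte code 80877103). The server-side check applies to the bytes read before the TLS handshake starts; the client-side check applies to the one-byte 'S'/'N' reply.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Wire format of the PostgreSQL SSLRequest startup message: a 4-byte
 * big-endian length (always 8) followed by the 4-byte code 80877103. */
#define PG_SSLREQUEST_LEN  8u
#define PG_SSLREQUEST_CODE 80877103u

/* Verdicts for the server-side (or proxy-side) check. Names are ours. */
enum sslrequest_verdict {
    SSLREQ_OK = 0,         /* exactly one SSLRequest and nothing after it */
    SSLREQ_INCOMPLETE,     /* fewer than 8 bytes received so far */
    SSLREQ_NOT_SSLREQUEST, /* some other startup message (plaintext path) */
    SSLREQ_TRAILING_BYTES  /* plaintext queued behind SSLRequest: reject */
};

/* Verdicts for the client-side check of the server's one-byte reply. */
enum sslreply_verdict {
    SSLREPLY_ACCEPT = 0,   /* 'S': server agrees to TLS, nothing trailing */
    SSLREPLY_REFUSE,       /* 'N': server declines TLS, nothing trailing */
    SSLREPLY_INCOMPLETE,   /* no byte received yet */
    SSLREPLY_INVALID       /* unknown byte, or bytes queued behind the reply */
};

static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Server/proxy side: inspect everything read from the socket before the
 * TLS handshake starts. Any byte after the 8-byte SSLRequest arrived in
 * plaintext and must not be handed to the TLS layer as session data. */
enum sslrequest_verdict check_sslrequest(const unsigned char *buf, size_t len)
{
    if (len < PG_SSLREQUEST_LEN)
        return SSLREQ_INCOMPLETE;
    if (read_be32(buf) != PG_SSLREQUEST_LEN ||
        read_be32(buf + 4) != PG_SSLREQUEST_CODE)
        return SSLREQ_NOT_SSLREQUEST;
    if (len > PG_SSLREQUEST_LEN)
        return SSLREQ_TRAILING_BYTES;
    return SSLREQ_OK;
}

/* Client side: the server answers SSLRequest with a single byte. Anything
 * queued behind that byte was sent in plaintext by whoever sits on the path,
 * so it must not be interpreted as part of the TLS-protected stream. */
enum sslreply_verdict check_ssl_reply(const unsigned char *buf, size_t len)
{
    if (len == 0)
        return SSLREPLY_INCOMPLETE;
    if (len > 1)
        return SSLREPLY_INVALID;
    if (buf[0] == 'S')
        return SSLREPLY_ACCEPT;
    if (buf[0] == 'N')
        return SSLREPLY_REFUSE;
    return SSLREPLY_INVALID;
}

/* Constructed sample buffers (not captured traffic). 80877103 = 0x04D2162F. */
static const unsigned char SAMPLE_SSLREQUEST_CLEAN[8] =
    { 0x00, 0x00, 0x00, 0x08, 0x04, 0xD2, 0x16, 0x2F };
static const unsigned char SAMPLE_SSLREQUEST_TRAILING[12] =
    { 0x00, 0x00, 0x00, 0x08, 0x04, 0xD2, 0x16, 0x2F, 'X', 'X', 'X', 'X' };
static const unsigned char SAMPLE_REPLY_CLEAN[1]    = { 'S' };
static const unsigned char SAMPLE_REPLY_TRAILING[3] = { 'S', 'X', 'X' };

int main(void)
{
    printf("clean SSLRequest    -> %d (expect %d)\n",
           check_sslrequest(SAMPLE_SSLREQUEST_CLEAN, sizeof SAMPLE_SSLREQUEST_CLEAN),
           SSLREQ_OK);
    printf("trailing SSLRequest -> %d (expect %d)\n",
           check_sslrequest(SAMPLE_SSLREQUEST_TRAILING, sizeof SAMPLE_SSLREQUEST_TRAILING),
           SSLREQ_TRAILING_BYTES);
    printf("clean reply         -> %d (expect %d)\n",
           check_ssl_reply(SAMPLE_REPLY_CLEAN, sizeof SAMPLE_REPLY_CLEAN),
           SSLREPLY_ACCEPT);
    printf("trailing reply      -> %d (expect %d)\n",
           check_ssl_reply(SAMPLE_REPLY_TRAILING, sizeof SAMPLE_REPLY_TRAILING),
           SSLREPLY_INVALID);
    return 0;
}
```

The point of the two functions is that the decision is made on the complete receive buffer, not only on the first 8 bytes (or first byte) of it: a connection with anything queued behind the SSLRequest or the reply is rejected outright rather than having the leftover bytes silently fed to the TLS layer. A proxy such as Odyssey sits on both sides of this exchange, so it needs both checks, one facing the client and one facing the backend server.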

Source: opennet.ru
