The new versions fix 75 bugs and eliminate a vulnerability (CVE-2020-1720) caused by a missing authorization check when the "ALTER ... DEPENDS ON EXTENSION" command is executed. Under certain circumstances, the vulnerability allows an unprivileged user to drop any function, procedure, materialized view, index, or trigger. The attack is possible if the administrator has installed any extension, and the user can execute the CREATE command or the owner of the extension can be persuaded to execute the DROP EXTENSION command.
In addition, note the appearance of a new application
- Support for any type of target table (views, fdw (Foreign Data Wrapper), partitioned tables, distributed citus tables);
- The ability to redefine table names (replication from one table to another);
- Support for bidirectional replication by transmitting only local changes and ignoring replication that arrives from outside;
- A conflict resolution system based on the LWW (last-writer-wins) algorithm;
- The ability to save information about replication progress and unapplied replicas in a separate table, which can be used for recovery after a temporarily unavailable receiving node is restored.
Source: opennet.ru