PostgreSQL JDBC 42.5.1, 42.4.3, 42.3.8, 42.2.27.jre7 Security update for CVE-2022-41946

From: JDBC Project via PostgreSQL Announce
Subject: PostgreSQL JDBC 42.5.1, 42.4.3, 42.3.8, 42.2.27.jre7 Security update for CVE-2022-41946
Msg-id: 166922437667.1896.12613448576418013558@wrigleys.postgresql.org
List: pgsql-announce
 


The PostgreSQL JDBC team have released 42.5.1, 42.4.3, 42.3.8, 42.2.27.jre7 to address a security issue: CVE-2022-41946. (Note there is no fix for 42.2.26.jre6; see the advisory for workarounds.) This is only an issue if you are using PreparedStatement.setText() or PreparedStatement.setBytea() where the String or bytea argument is larger than 51200 bytes, at which point the driver will buffer to disk. To do this it creates a temporary file, which in previous versions could be read by other users on the client system. Note this only affects Unix-like systems. See the security advisory for the details. Thanks to Jonathan Leitschuh for finding and reporting the issue.
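The class of problem described above, a temporary file that other local users can read, can be checked for in your own Java code on a Unix-like system. The following is an added example, not code from the announcement or from the driver; the class name and the "buffer-demo" file prefix are made up for illustration. It creates one temporary file with the legacy java.io API and one with java.nio, then reports whether each is accessible to accounts other than the owner.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Set;

// Illustrative class (hypothetical name); requires a POSIX file system.
public class TempFilePermissionCheck {
    // Any of these bits lets an account other than the owner touch the file.
    private static final Set<PosixFilePermission> NON_OWNER = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
            PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    static boolean exposedToOtherUsers(Path p) throws IOException {
        return !Collections.disjoint(Files.getPosixFilePermissions(p), NON_OWNER);
    }

    static void report(String label, Path p) throws IOException {
        System.out.printf("%-22s %s exposed=%b%n", label,
                PosixFilePermissions.toString(Files.getPosixFilePermissions(p)),
                exposedToOtherUsers(p));
    }

    public static void main(String[] args) throws IOException {
        // Weak pattern: the file is created with mode 0666 masked by the
        // process umask, which is commonly rw-r--r-- (world-readable).
        File legacy = File.createTempFile("buffer-demo", ".tmp");
        // Hardened pattern: with no attributes given, NIO creates the file
        // owner-only (rw-------) on POSIX file systems.
        Path restricted = Files.createTempFile("buffer-demo", ".tmp");
        try {
            report("File.createTempFile", legacy.toPath());
            report("Files.createTempFile", restricted);
        } finally {
            Files.deleteIfExists(legacy.toPath());
            Files.deleteIfExists(restricted);
        }
    }
}
```

The first line of output depends on the umask of the process; a restrictive umask such as 077 hides the weak pattern, so do not rely on it as the only control.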

 
