Services
24×7×365 Technical Support
Migration to PostgreSQL
High Availability Deployment
Database Audit
Remote DBA for PostgreSQL
Products
Postgres Pro Enterprise
Postgres Pro Standard
Cloud Solutions
Postgres Extensions
Resources
Blog
Documentation
Webinars
Videos
Presentations
Community
Events
Training Courses
Books
Demo Database
Mailing List Archives
About
Leadership team
Partners
Customers
In the News
Press Releases
Press Info
Services
24×7×365 Technical Support
Migration to PostgreSQL
High Availability Deployment
Database Audit
Remote DBA for PostgreSQL
Products
Postgres Pro Enterprise
Postgres Pro Standard
Cloud Solutions
Postgres Extensions
Resources
Blog
Documentation
Webinars
Videos
Presentations
Community
Events
Training Courses
Books
Demo Database
Mailing List Archives
About
Leadership team
Partners
Customers
In the News
Press Releases
Press Info
Facebook
Downloads
Home
>
mailing lists
Security release for CVE-2022-41946 - Mailing list pgsql-jdbc
From
Dave Cramer
Subject
Security release for CVE-2022-41946
Date
November 23, 2022
19:34:07
Msg-id
CADK3HHLhdL8-2u6E0oXfL_X1zsV00p6Q9Sw9Xa4VOAFV-zXbiQ@mail.gmail.com
Whole thread
Raw
List
pgsql-jdbc
Tree view
Greetings,
There is an issue in the driver when setText, and setByte buffer the arguments to disk. File.createTempFile creates a file which can be read by any other user on the system. This has been fixed in versions 42.5.1, 42.4.3 42.3.8, 42.2.27.jre7.
Note
there is no fix for 42.2.26.jre6. See the security advisory
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h
for work arounds.
Regards,
Dave Cramer
pgsql-jdbc
by date:
Previous
From:
Dave Cramer
Date:
23 November 2022, 17:37:08
Subject:
[pgjdbc/pgjdbc]
Next
From:
Andy Fan
Date:
26 November 2022, 15:03:24
Subject:
Would preparing internally during XAResource.end(xid, TMSUCCESS) works?
Есть вопросы? Напишите нам!
Соглашаюсь с условиями обработки персональных данных
I confirm that I have read and accepted PostgresPro’s
Privacy Policy
.
I agree to get Postgres Pro discount offers and other marketing communications.
✖
×
×
Everywhere
Documentation
Mailing list
List:
all lists
pgsql-general
pgsql-hackers
buildfarm-members
pgadmin-hackers
pgadmin-support
pgsql-admin
pgsql-advocacy
pgsql-announce
pgsql-benchmarks
pgsql-bugs
pgsql-chat
pgsql-cluster-hackers
pgsql-committers
pgsql-cygwin
pgsql-docs
pgsql-hackers-pitr
pgsql-hackers-win32
pgsql-interfaces
pgsql-jdbc
pgsql-jobs
pgsql-novice
pgsql-odbc
pgsql-patches
pgsql-performance
pgsql-php
pgsql-pkg-debian
pgsql-pkg-yum
pgsql-ports
pgsql-rrreviewers
pgsql-ru-general
pgsql-sql
pgsql-students
pgsql-testers
pgsql-translators
pgsql-www
psycopg
Period
anytime
within last day
within last week
within last month
within last 6 months
within last year
Sort by
date
reverse date
rank
Services
24×7×365 Technical Support
Migration to PostgreSQL
High Availability Deployment
Database Audit
Remote DBA for PostgreSQL
Products
Postgres Pro Enterprise
Postgres Pro Standard
Cloud Solutions
Postgres Extensions
Resources
Blog
Documentation
Webinars
Videos
Presentations
Community
Events
Training Courses
Books
Demo Database
Mailing List Archives
About
Leadership team
Partners
Customers
In the News
Press Releases
Press Info
By continuing to browse this website, you agree to the use of cookies. Go to
Privacy Policy
.
I accept cookies