author | bazeltsev <bazeltsev@ydb.tech> | 2022-11-29 20:17:43 +0300 |
---|---|---|
committer | bazeltsev <bazeltsev@ydb.tech> | 2022-11-29 20:17:43 +0300 |
commit | 91e8997e8d42cf09eafdd1ee4e0a2a61faf29bb2 (patch) | |
tree | 7bc3b1690826e40c8ba65b147ff4d2eeb06f08ee | |
parent | 6074addcd7dca29be21ea14353f957eb8fd5a9a2 (diff) | |
Added security changelog
updated
-rw-r--r-- | ydb/docs/en/core/changelog.md | 2 | ||||
-rw-r--r-- | ydb/docs/en/core/security-changelog.md | 9 | ||||
-rw-r--r-- | ydb/docs/en/core/toc_i.yaml | 8 | ||||
-rw-r--r-- | ydb/docs/ru/core/changelog.md | 2 | ||||
-rw-r--r-- | ydb/docs/ru/core/security-changelog.md | 9 | ||||
-rw-r--r-- | ydb/docs/ru/core/toc_i.yaml | 9 |
6 files changed, 32 insertions, 7 deletions
diff --git a/ydb/docs/en/core/changelog.md b/ydb/docs/en/core/changelog.md index d10918fa110..d2145bc8b8d 100644 --- a/ydb/docs/en/core/changelog.md +++ b/ydb/docs/en/core/changelog.md @@ -1,4 +1,4 @@ -# Releases +# Changelog ## 10.12.2022 {#10-12-2022} diff --git a/ydb/docs/en/core/security-changelog.md b/ydb/docs/en/core/security-changelog.md new file mode 100644 index 00000000000..50aadcc114d --- /dev/null +++ b/ydb/docs/en/core/security-changelog.md @@ -0,0 +1,9 @@ +# Security changelog + +## Fixed in YDB 22.4.44, 11.28.2022 {#28-11-2022} + +### CVE-2022-28228 {#cve-2022-28228} + +Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash. + +Link to CVE: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28228). diff --git a/ydb/docs/en/core/toc_i.yaml b/ydb/docs/en/core/toc_i.yaml index 09c8e938cdc..b48eec63c88 100644 --- a/ydb/docs/en/core/toc_i.yaml +++ b/ydb/docs/en/core/toc_i.yaml @@ -26,5 +26,9 @@ items: - include: { mode: link, path: downloads/toc_p.yaml } - name: Public talks href: public-talks.md -- name: Revision history - href: changelog.md
\ No newline at end of file +- name: What's new + items: + - name: Changelog + href: changelog.md + - name: Security changelog + href: security-changelog.md diff --git a/ydb/docs/ru/core/changelog.md b/ydb/docs/ru/core/changelog.md index e77431c384e..db093a23b81 100644 --- a/ydb/docs/ru/core/changelog.md +++ b/ydb/docs/ru/core/changelog.md @@ -1,4 +1,4 @@ -# История изменений +# Список изменений ## 12.10.2022 {#12-10-2022} diff --git a/ydb/docs/ru/core/security-changelog.md b/ydb/docs/ru/core/security-changelog.md new file mode 100644 index 00000000000..6b63bcdb9df --- /dev/null +++ b/ydb/docs/ru/core/security-changelog.md @@ -0,0 +1,9 @@ +# Список изменений безопасности + +## Исправлено в YDB 22.4.44, 28.11.2022 {#28-11-2022} + +### CVE-2022-28228 {#cve-2022-28228} + +В сервере YDB обнаружено чтение за пределами допустимого адресного пространства. Злоумышленник с помощью специально сконструированного запроса с оператором insert может получить доступ к конфиденциальной информации или вызвать сбой. + +Ссылка на CVE: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28228). diff --git a/ydb/docs/ru/core/toc_i.yaml b/ydb/docs/ru/core/toc_i.yaml index f91fc631a9e..9a1cae1458a 100644 --- a/ydb/docs/ru/core/toc_i.yaml +++ b/ydb/docs/ru/core/toc_i.yaml @@ -51,6 +51,9 @@ items: - include: { mode: link, path: downloads/toc_p.yaml } - name: Публичные материалы href: public-talks.md -- name: История изменений - href: changelog.md - +- name: Что нового + items: + - name: Список изменений + href: changelog.md + - name: Список изменений безопасности + href: security-changelog.md |