Ensemble News, Alerts, and Advisories
Receive these Ensemble News, Alerts, and Advisories by E-mail
April 1, 2008 – Security Advisory, Programmer Mode Role Modification
InterSystems has corrected a security issue that allows granting of unauthorized roles.
This defect exists in all currently released versions of Caché starting with Caché 5.1 and for all versions of Ensemble. The defect exists on all platforms.
InterSystems believes the risk from this defect is low. The unauthorized granting is only possible from the programmer mode command line, and most systems have already restricted programmer mode access to trusted users.
The correction for this defect is identified as STC1352 and is available from InterSystems as an Ad Hoc distribution.
If you have any questions regarding this, please contact the InterSystems Worldwide Response Center (WRC).
January 7, 2008 – Incorrect Rollback of SET $BIT Operation
InterSystems has corrected several Caché & Ensemble defects that, in rare instances, can cause rollback of SET $BIT operations within transactions to corrupt data.
The use of the SET $BIT operation outside of transactions is not subject to these defects.
These defects exist, to varying degrees, in all currently released versions. Actual database updates are performed correctly. Affected entries in the database are only corrupted by transaction rollback of the SET $BIT operation.
One defect results in the old data value of a SET $BIT operation being incorrectly journalled. This is only of concern when a rollback is necessary since the old value to be restored is incorrect.
The second defect occurs if two transactions affecting the same $BIT value are rolled back concurrently. It is possible for the values to be applied out of order resulting in an incorrect final value.
The corrections for these defects, identified as HYY1359, SJ1831, SJ1929 and SJ2281 will all be included in the upcoming 2008.1 Release. They are also available from InterSystems WRC in an Ad Hoc distribution.
If you have any questions regarding this, please contact the InterSystems Worldwide Response Center (WRC).