[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 5974-1] pgpool2 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5974-1                   security@debian.org
https://www.debian.org/security/                                  Aron Xu
August 13, 2025                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pgpool2
CVE ID         : CVE-2024-45624 CVE-2025-46801
Debian Bug     : 1081659 1106119

Two security issues were found in pgpool-II, the connection pool server
and replication proxy for PostgreSQL, which could result in authentication
bypass and exposure of sensitive information.

For the oldstable distribution (bookworm), these problems have been fixed
in version 4.3.5-1+deb12u1.

We recommend that you upgrade your pgpool2 packages.

For the detailed security status of pgpool2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pgpool2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmicO2wACgkQNP8o68vM
TMhhMgf8CZhlYWlBuphd0x7T9dfLnx1lleKWmzWAwiJtzxEpHBFv8jiUjPgxupaF
MPZhl/F2kiDNkQ5024ZRP6readDxobSk9lSEjzC5PbJN+HujqLDHyCqB/zWDieom
QCHPoEdfBbj3tB71zLbnNDOb4tv8PeaJ77XrGzwYSJCAIEVAQdnHWYKGR/RWynWY
c5whZZfF+ZDOYhJfVAwwL1a3TSmzL0y2HQeHBCqUa4goBEuFwt+Ru2+VgQmoT7yL
RFARjgQeARgpFg3OEgs/hs9dfiP1rLqgvrZGQYhU0RwlDAwu8aR2iJHYE7Yk5Iv6
9gGYMKqtqDHYZ/bw13N+P1TQuGaPvQ==
=XbNC
-----END PGP SIGNATURE-----
Reply to: