it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5974-1] pgpool2 security update

From: Aron Xu <aron AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5974-1] pgpool2 security update
Date: Wed, 13 Aug 2025 07:15:30 +0000
Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/E1um5hq-007VRk-0L AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=ejRigs2Cdwxw6eIboSycBUvUC+lxGNVR7tViHgOddcQ=; b=rs hSkYcIF3eFVn+OVEBIpWOSUmiwefjRo/vmwDLZwu/ulyW0bdqVCJVWVAYFr7JgpdeMviigoxQfHH9 p50On7k5YO7EJbQIWT3sBUgt+GBJEfbjeJLSKWZsHqf7akpIONR9GjC2kTpLB1ShEDyQJLKqu4GK3 jemPmEnD4Bwq3n+g3g2Nb3FA6b0sYaAOrZ3J0pIJGZvJY+sO/i7+K35ND+6QzfNKA4rUgzf+koFR6 +bJ+wFKkrIC6yWaGPHaffOfu8i3sojaCLSYsV0ecBJfowrmPllOMarPsteBedk6bn4WweGIkkxdeI x2doZ19ch4vEqdrhgkhbFCCJDn/4NIvg==;
Old-return-path: <aron AT seger.debian.org>
Priority: urgent
Resent-date: Wed, 13 Aug 2025 07:15:52 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <LWk760BIgrC.A.uvcK.ouDnoB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5974-1 security AT debian.org
https://www.debian.org/security/ Aron Xu
August 13, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pgpool2
CVE ID : CVE-2024-45624 CVE-2025-46801
Debian Bug : 1081659 1106119

Two security issues were found in pgpool-II, the connection pool server
and replication proxy for PostgreSQL, which could result in authentication
bypass and exposure of sensitive information.

For the oldstable distribution (bookworm), these problems have been fixed
in version 4.3.5-1+deb12u1.

We recommend that you upgrade your pgpool2 packages.

For the detailed security status of pgpool2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pgpool2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmicO2wACgkQNP8o68vM
TMhhMgf8CZhlYWlBuphd0x7T9dfLnx1lleKWmzWAwiJtzxEpHBFv8jiUjPgxupaF
MPZhl/F2kiDNkQ5024ZRP6readDxobSk9lSEjzC5PbJN+HujqLDHyCqB/zWDieom
QCHPoEdfBbj3tB71zLbnNDOb4tv8PeaJ77XrGzwYSJCAIEVAQdnHWYKGR/RWynWY
c5whZZfF+ZDOYhJfVAwwL1a3TSmzL0y2HQeHBCqUa4goBEuFwt+Ru2+VgQmoT7yL
RFARjgQeARgpFg3OEgs/hs9dfiP1rLqgvrZGQYhU0RwlDAwu8aR2iJHYE7Yk5Iv6
9gGYMKqtqDHYZ/bw13N+P1TQuGaPvQ==
=XbNC
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5974-1] pgpool2 security update, Aron Xu, 13.08.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.