
Debian 11: DLA-3993-1 moderate: pgpool2 authentication issues

December 13, 2024
Discover the recent security flaws in pgpool2 and essential actions for Debian LTS users to maintain their safety and system integrity.
Two vulnerabilities were discovered in pgpool2, a connection pool server and replication proxy for PostgreSQL.

Summary

CVE-2023-22332

A specific database user's authentication information may be
obtained by another database user. As a result, the information
stored in the database may be altered and/or the database may be
suspended by a remote attacker who has successfully logged in to
the product with the obtained credentials.

CVE-2024-45624

When the query cache feature is enabled, a database user could
read, through the query cache, rows from tables that should not
be visible to that user.

For Debian 11 bullseye, these problems have been fixed in version
4.1.4-3+deb11u1.

We recommend that you upgrade your pgpool2 packages.

For the detailed security status of pgpool2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/pgpool2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Package: pgpool2
Version: 4.1.4-3+deb11u1
CVE ID: CVE-2023-22332 CVE-2024-45624
