ALT Linux Team

Package pgbouncer update in c10f2 on 2025-05-15

ALT-PU-2025-6620-2

Package pgbouncer updated to version 1.24.1-alt1 for branch c10f2 in task 382926.

Closed vulnerabilities

Published: 2025-04-16
Modified: 2025-04-17

CVE-2025-2291

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top