ALT Linux Team

Package pgbouncer update in sisyphus_loongarch64 on 2025-05-14

ALT-PU-2025-6792-1

Package pgbouncer updated to version 1.24.1-alt1 for branch sisyphus_loongarch64.

Closed vulnerabilities

Published: 2025-04-16
Modified: 2025-04-17

CVE-2025-2291

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top