Home / mailings [SECURITY] [DSA 5974-1] pgpool2 security update
Posted on 13 August 2025
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-5974-1 security@debian.org
https://www.debian.org/security/ Aron Xu
August 13, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : pgpool2
CVE ID : CVE-2024-45624 CVE-2025-46801
Debian Bug : 1081659 1106119
Two security issues were found in pgpool-II, the connection pool server
and replication proxy for PostgreSQL, which could result in authentication
bypass and exposure of sensitive information.
For the oldstable distribution (bookworm), these problems have been fixed
in version 4.3.5-1+deb12u1.
We recommend that you upgrade your pgpool2 packages.
For the detailed security status of pgpool2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pgpool2
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
