
[SECURITY] [DLA 3140-1] libpgjava security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3140-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
October 07, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libpgjava
Version        : 42.2.5-2+deb10u2
CVE ID         : CVE-2022-31197
Debian Bug     : #1016662

It was discovered that there was a potential SQL injection
vulnerability in libpgjava, a Java library for connecting to
PostgreSQL databases.

A malicious user could have crafted a schema that caused an
application to execute commands as a privileged user due to
the lack of escaping of column names in some operations.
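
The missing step described above, as an added example that is not code from the advisory or from the libpgjava project: a column name taken from schema metadata is wrapped in double quotes, first without and then with its embedded double quotes doubled. The class, the method names and the sample column name are hypothetical and constructed for illustration.

```java
import java.util.List;
import java.util.stream.Collectors;

public class ColumnNameQuoting {

    // Hypothetical helper (not the driver's API): quote a PostgreSQL
    // identifier by doubling embedded double quotes and wrapping the
    // result in double quotes. Empty names and NUL bytes are rejected.
    static String quoteIdentifier(String name) {
        if (name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid identifier");
        }
        return "\"" + name.replace("\"", "\"\"") + "\"";
    }

    // Weak form: names are wrapped in quotes but an embedded quote is left
    // as-is, so it ends the identifier early and the remainder of the name
    // is parsed as SQL text.
    static String selectUnescaped(String table, List<String> columns) {
        String cols = columns.stream()
                .map(c -> "\"" + c + "\"")
                .collect(Collectors.joining(", "));
        return "SELECT " + cols + " FROM \"" + table + "\"";
    }

    // Corrected form: every identifier goes through quoteIdentifier, so the
    // whole name stays inside one quoted identifier.
    static String selectEscaped(String table, List<String> columns) {
        String cols = columns.stream()
                .map(ColumnNameQuoting::quoteIdentifier)
                .collect(Collectors.joining(", "));
        return "SELECT " + cols + " FROM " + quoteIdentifier(table);
    }

    public static void main(String[] args) {
        // Constructed sample: column names as an application might read them
        // from a schema it does not control.
        List<String> columns = List.of("id", "a\"b");
        System.out.println(selectUnescaped("t", columns));
        System.out.println(selectEscaped("t", columns));
    }
}
```

Column values can be bound as statement parameters, but identifiers cannot, which is why names read from a schema need this quoting before they are placed in a statement.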

For Debian 10 buster, this problem has been fixed in version
42.2.5-2+deb10u2.

We recommend that you upgrade your libpgjava packages.

For the detailed security status of libpgjava please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libpgjava

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
