Debian alert DLA-4338-1 (pgagent)
From: Andreas Henriksson <andreas@fatal.se>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4338-1] pgagent security update
Date: Sat, 18 Oct 2025 14:35:42 +0200
Message-ID: <5ia6q76aparibvpcs5uaizp4zkdz7ys6m6dyom5r4ei2k42fr2@iihz6bychczm>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4338-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Andreas Henriksson
October 18, 2025                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : pgagent
Version        : 4.0.0-8+deb11u1
CVE ID         : CVE-2025-0218
Debian Bug     : 1092677

When batch jobs are executed by pgAgent, a script is created in a
temporary directory and then executed. In versions of pgAgent prior to
4.2.3, an insufficiently seeded random number generator is used when
generating the directory name, leading to the possibility for a local
attacker to pre-create the directory and thus prevent pgAgent from
executing jobs, disrupting scheduled tasks.

For Debian 11 bullseye, this problem has been fixed in version
4.0.0-8+deb11u1.

We recommend that you upgrade your pgagent packages.

For the detailed security status of pgagent please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pgagent

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc (type=application/pgp-signature)
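
The weakness class the advisory describes, as an added example (not pgAgent's code and not part of the advisory): a directory name derived from a guessable seed is reproducible, so creation fails with EEXIST whenever that name is already taken, while mkdtemp(3) chooses the name and creates the directory in one step and tries another name on collision. The seed value, the /tmp/job_example_ prefix and all function names are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (assumed for illustration): the suffix comes from a PRNG
 * seeded with a guessable value, so the same seed always gives the same name. */
void weak_dir_name(unsigned seed, char *out, size_t n)
{
    static const char alnum[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    char suffix[9];
    srand(seed);
    for (int i = 0; i < 8; i++)
        suffix[i] = alnum[rand() % (int)(sizeof alnum - 1)];
    suffix[8] = '\0';
    snprintf(out, n, "/tmp/job_example_%s", suffix);
}

/* Returns 0 on success, -1 with errno set. EEXIST means the name is
 * already taken and the job script has nowhere to go. */
int weak_make_dir(unsigned seed, char *out, size_t n)
{
    weak_dir_name(seed, out, n);
    return mkdir(out, 0700);
}

/* Hardened form: mkdtemp(3) fills in XXXXXX, creates the directory with
 * mode 0700, and picks a different name itself if one already exists. */
int safe_make_dir(char *out, size_t n)
{
    snprintf(out, n, "/tmp/job_example_XXXXXX");
    return mkdtemp(out) ? 0 : -1;
}

int main(void)
{
    char a[64], b[64];
    unsigned seed = 1760790942u;  /* constructed sample: a start time in seconds */
    int first = weak_make_dir(seed, a, sizeof a);
    int second = weak_make_dir(seed, b, sizeof b);  /* same seed, same name */
    printf("weak: %s first=%d second=%d (%s)\n", a, first, second,
           second ? strerror(errno) : "ok");
    if (first == 0) rmdir(a);
    if (safe_make_dir(a, sizeof a) == 0) { printf("safe: %s\n", a); rmdir(a); }
    return 0;
}
```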