[CLSA-2026:1783529181] Fix CVE(s): CVE-2024-10977
Type:
security
Severity:
Low
Release date:
2026-07-08 16:46:38 UTC
Description:
* SECURITY UPDATE: libpq does not discard the unauthenticated backend error message during SSL negotiation, allowing a man-in-the-middle to inject arbitrary bytes to a client's terminal - debian/patches/CVE-2024-10977.patch: discard the error response received during SSL negotiation and report an error immediately instead of processing the untrusted message, in src/interfaces/libpq/fe-connect.c and doc/src/sgml/protocol.sgml - CVE-2024-10977
CVEs fixed:
Updated packages:
  • libecpg-compat3-11_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:b51511de5fbfb3485f1e05bfb6b61106ff1a7711
  • libecpg-dev-11_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:a515540da0323ce66b7b9980d9291a5cde9d26aa
  • libecpg6-11_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:dbf9b1180c1b806c5908485ba5e3d0391bbee710
  • libpgtypes3-11_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:b1437c93bf11e04a2161bcee92a8f8a708591ec0
  • libpq-dev-11_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:92178e7c3808b9e97b6829c6e65e579dbf3f9b94
  • libpq5-11_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:cd3ba12aa44021af5108cdaa756c88da3d6079ac
  • postgresql11_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:55f23688d394ff497c760b2d928074fe3e668fa2
  • postgresql11-client_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:18b46c66fd6d354baf29a12680a802da2c476c6b
  • postgresql11-doc_11.22-1~bookworm+tuxcare.els11_all.deb
    sha:7cdc363c011036acb341d1768727a6d6ebafea1b
  • postgresql11-plperl_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:697e629743e644e340b8e9ec03f172ae60982032
  • postgresql11-plpython3_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:f8268dc495e457bbcc56ffb6f34c80f915302f43
  • postgresql11-pltcl_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:c2d58682abed59709f1e8a1aeae21e1e5e26cf02
  • postgresql11-server-dev_11.22-1~bookworm+tuxcare.els11_amd64.deb
    sha:9e3b3ab016db85353cd611ad60c292b00f1add87
  • libecpg-compat3-11_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:f45cc192bd870fe6cb894a7a41fc8c2087e3851c
  • libecpg-dev-11_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:593172e3afb71115874c9c26088c027c5f5aace4
  • libecpg6-11_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:f0fd4d3fdc41a6518091b37366f81daa72c14c7d
  • libpgtypes3-11_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:e86749f1310e5c83605ee4617befd9b17e886bf3
  • libpq-dev-11_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:1269d6e95f8e7acdbeac3e07fc1ea873aa385fba
  • libpq5-11_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:a7726da474375449b16efca0a7a79bb6a1ae480d
  • postgresql11_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:6ff3d58288fa5ac6794d9c078058bbec58726f37
  • postgresql11-client_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:475c8bd80f5c3fe358550f81fdc8298026e2b60c
  • postgresql11-doc_11.22-1~bookworm+tuxcare.els11_all.deb
    sha:7cdc363c011036acb341d1768727a6d6ebafea1b
  • postgresql11-plperl_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:9a16f9743e56d720b9f7de035694d7084fe8de37
  • postgresql11-plpython3_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:77caae6a4e40d5c6ae2330221e645a33efa7c497
  • postgresql11-pltcl_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:341333dd5b36e04ee1b9394c486e724a28d8bea6
  • postgresql11-server-dev_11.22-1~bookworm+tuxcare.els11_arm64.deb
    sha:8e1252bd46c977625b0205ada9a0850237f04109
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.