PgBouncer: Multiple vulnerabilities

Multiple vulnerabilities have been found in PgBouncer, the worst of which may allow an attacker to bypass authentication.

pgbouncer 2017-01-11 2017-01-11 550124 600184 remote 1.7.2 1.7.2

PgBouncer is a lightweight connection pooler for PostgreSQL.

Multiple vulnerabilities have been discovered in PgBouncer. Please review the CVE identifiers referenced below for details.

A remote attacker might send a specially crafted packet, possibly resulting in a Denial of Service condition. Furthermore, a remote attacker might bypass authentication in configurations using the “auth_user” feature.

There is no known workaround at this time.

All PgBouncer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/pgbouncer-1.7.2"
CVE-2015-4054
CVE-2015-6817

whissi whissi
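
To decide which hosts need the upgrade first, the check below compares a PgBouncer version against 1.7.2 and looks for auth_user in a configuration file. It is an added example, not part of the advisory: the function names, verdict labels, sample configuration and version strings are constructed, and files pulled in through include directives are not followed.

```sh
#!/bin/sh
# Added example (not from the advisory): exposure triage for PgBouncer.
FIXED="1.7.2"   # lowest version the advisory's upgrade command accepts

# version_lt A B: succeeds when dotted version A is strictly lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# uses_auth_user FILE: succeeds when a non-comment line sets auth_user,
# e.g. as a key in a [databases] connection string.
uses_auth_user() {
    awk '
        /^[ \t]*[;#]/ { next }                      # skip comment lines
        /(^|[ \t])auth_user[ \t]*=/ { found = 1 }   # key followed by "="
        END { exit !found }
    ' "$1"
}

# triage VERSION INI: prints patched, dos, or dos+auth-bypass.
triage() {
    if ! version_lt "$1" "$FIXED"; then
        echo "patched"
    elif uses_auth_user "$2"; then
        echo "dos+auth-bypass"
    else
        echo "dos"
    fi
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[databases]
; appdb = host=127.0.0.1 auth_user=old_pooler
appdb = host=127.0.0.1 dbname=appdb auth_user=pooler
[pgbouncer]
auth_type = md5
EOF
triage "1.6.1" "$sample"    # constructed version string
rm -f "$sample"
```

Call triage with the installed version and the path to the live pgbouncer.ini. Any verdict other than "patched" means the upgrade above is still pending on that host.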