Detections
Analytics

Debian dla-4646 : libecpg-compat3 - security update

high Nessus Plugin ID 322551

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4646 advisory.

 ------------------------------------------------------------------------- Debian LTS Advisory DLA-4646-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias June 24, 2026 https://wiki.debian.org/LTS
 -------------------------------------------------------------------------

 Package : postgresql-13 Version : 13.23-0+deb11u4 CVE ID : CVE-2026-6473 CVE-2026-6474 CVE-2026-6475 CVE-2026-6477 CVE-2026-6478 CVE-2026-6479 CVE-2026-6637 Debian Bug :

 Brief introduction

 CVE-2026-6473

 Integer wraparound in multiple PostgreSQL server features allows an application input provider to cause the server to undersize an allocation and write out-of-bounds.

 CVE-2026-6474

 Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones

 CVE-2026-6475

 Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries.

 CVE-2026-6477

 Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response.

 CVE-2026-6478

 Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier.


 CVE-2026-6479

 Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket

 CVE-2026-6637

 Stack buffer overflow in PostgreSQL module refint allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a refint cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update.

 For Debian 11 bullseye, these problems have been fixed in version 13.23-0+deb11u4.

 We recommend that you upgrade your postgresql-13 packages.

 For the detailed security status of postgresql-13 please refer to its security tracker page at:
 https://security-tracker.debian.org/tracker/postgresql-13

 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Attachment:
 signature.asc Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the libecpg-compat3 packages.

See Also

https://packages.debian.org/source/bullseye/postgresql-13

https://security-tracker.debian.org/tracker/CVE-2026-6473

https://security-tracker.debian.org/tracker/CVE-2026-6474

https://security-tracker.debian.org/tracker/CVE-2026-6475

https://security-tracker.debian.org/tracker/CVE-2026-6477

https://security-tracker.debian.org/tracker/CVE-2026-6478

https://security-tracker.debian.org/tracker/CVE-2026-6479

https://security-tracker.debian.org/tracker/CVE-2026-6637

http://www.nessus.org/u?1964ded4

Plugin Details

Severity: High

ID: 322551

File Name: debian_DLA-4646.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/24/2026

Updated: 6/24/2026

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-6477

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-6637

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libecpg-compat3, p-cpe:/a:debian:debian_linux:libecpg-dev, p-cpe:/a:debian:debian_linux:libecpg6, p-cpe:/a:debian:debian_linux:libpgtypes3, p-cpe:/a:debian:debian_linux:libpq-dev, p-cpe:/a:debian:debian_linux:libpq5, p-cpe:/a:debian:debian_linux:postgresql-13, p-cpe:/a:debian:debian_linux:postgresql-client-13, p-cpe:/a:debian:debian_linux:postgresql-doc-13, p-cpe:/a:debian:debian_linux:postgresql-plperl-13, p-cpe:/a:debian:debian_linux:postgresql-plpython3-13, p-cpe:/a:debian:debian_linux:postgresql-pltcl-13, p-cpe:/a:debian:debian_linux:postgresql-server-dev-13

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 6/24/2026

Vulnerability Publication Date: 5/14/2026

Reference Information

CVE: CVE-2026-6473, CVE-2026-6474, CVE-2026-6475, CVE-2026-6477, CVE-2026-6478, CVE-2026-6479, CVE-2026-6637