
Debian has released several security advisories to address vulnerabilities in HAProxy, PostgreSQL, and Nginx. The advisory for HAProxy (DSA-6130-1) warns that a specially crafted INITIAL QUIC packet can crash the process, resulting in denial of service, and recommends upgrading to version 3.0.11-1+deb13u2. Multiple security issues were also discovered in PostgreSQL (CVE-2026-2003 through CVE-2026-2006), which may result in memory disclosure or code execution; the advisories (DSA-6133-1 and DSA-6132-1) recommend updating to version 17.8-0+deb13u1 for the stable distribution or 15.16-0+deb12u1 for the oldstable distribution. Nginx has also been updated (DSA-6131-1) to fix a vulnerability that made a man-in-the-middle injection attack possible when Nginx is configured to proxy to an upstream TLS server, and users are recommended to upgrade to version 1.22.1-9+deb12u4 (oldstable) or 1.26.3-3+deb13u2 (stable).

[DSA 6130-1] haproxy security update
[DSA 6133-1] postgresql-17 security update
[DSA 6132-1] postgresql-15 security update
[DSA 6131-1] nginx security update




[SECURITY] [DSA 6130-1] haproxy security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6130-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 12, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : haproxy
CVE ID : CVE-2026-26081

Asim Viladi Oglu Manizada reported that HAProxy, a load balancing
reverse proxy, does not properly validate an INITIAL QUIC packet with
specially crafted data, which may result in denial of service (process
crash).

For the stable distribution (trixie), this problem has been fixed in
version 3.0.11-1+deb13u2.

We recommend that you upgrade your haproxy packages.

For the detailed security status of haproxy please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/haproxy

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 6133-1] postgresql-17 security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6133-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : postgresql-17
CVE ID : CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006

Multiple security issues were discovered in PostgreSQL, which may result
in memory disclosure or the execution of arbitrary code.

For the stable distribution (trixie), these problems have been fixed in
version 17.8-0+deb13u1.

We recommend that you upgrade your postgresql-17 packages.

For the detailed security status of postgresql-17 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-17

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 6132-1] postgresql-15 security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6132-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : postgresql-15
CVE ID : CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006

Multiple security issues were discovered in PostgreSQL, which may result
in memory disclosure or the execution of arbitrary code.

For the oldstable distribution (bookworm), these problems have been fixed
in version 15.16-0+deb12u1.

We recommend that you upgrade your postgresql-15 packages.

For the detailed security status of postgresql-15 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postgresql-15

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 6131-1] nginx security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-6131-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : nginx
CVE ID : CVE-2026-1642

A vulnerability has been discovered in Nginx, a high-performance web
and reverse proxy server: If configured to proxy to an upstream TLS
server, a man-in-the-middle injection attack was possible.

For the oldstable distribution (bookworm), this problem has been fixed
in version 1.22.1-9+deb12u4.

For the stable distribution (trixie), this problem has been fixed in
version 1.26.3-3+deb13u2.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nginx

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
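
Checking a host against the fixed versions in these advisories requires Debian's version ordering rather than a string comparison: 15.9 is older than 15.16, and a `~` suffix sorts before the bare version. The Python sketch below is an added example, not part of the advisories or of Debian's tooling; the inventory is constructed and assumed to be keyed by the package names the advisories use, and on a real Debian system `dpkg --compare-versions` is the authoritative comparison.

```python
import re

# Fixed versions copied from the advisories above: (release, package) -> (version, DSA).
FIXED = {
    ("trixie", "haproxy"): ("3.0.11-1+deb13u2", "DSA-6130-1"),
    ("trixie", "postgresql-17"): ("17.8-0+deb13u1", "DSA-6133-1"),
    ("bookworm", "postgresql-15"): ("15.16-0+deb12u1", "DSA-6132-1"),
    ("bookworm", "nginx"): ("1.22.1-9+deb12u4", "DSA-6131-1"),
    ("trixie", "nginx"): ("1.26.3-3+deb13u2", "DSA-6131-1"),
}
# Constructed inventory for a trixie host (sample data, not from the advisories).
SAMPLE = {"haproxy": "3.0.11-1+deb13u1", "postgresql-17": "17.8-0+deb13u1",
          "nginx": "1.26.3-3+deb13u2~bpo1", "openssl": "3.5.1-1"}

def _order(c):
    # Weight of one character: '~' < end of string or digit < letters < the rest.
    if c == "" or c.isdigit():
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare upstream or revision strings: alternate non-digit and numeric runs.
    while a or b:
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            x, y = _order(a[:1]), _order(b[:1])
            if x != y:
                return -1 if x < y else 1
            a, b = a[1:], b[1:]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def compare(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(release, installed):
    """Return (package, installed, fixed, DSA) for packages older than the fix."""
    return [(p, v) + FIXED[(release, p)] for p, v in sorted(installed.items())
            if (release, p) in FIXED and compare(v, FIXED[(release, p)][0]) < 0]
```

`audit("trixie", SAMPLE)` reports the haproxy and nginx entries as older than their fixes and skips packages the advisories do not cover.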