[CLSA-2026:1780965584] postgresql: Fix of 7 CVEs
Type:
security
Severity:
Low
Release date:
2026-06-09 00:44:13 UTC
Description:
- CVE-2026-6473: formatting.c / contrib intarray / ltree: avoid integer overflow in size calculations - CVE-2026-6474: timeofday / pg_strftime: guard against unsafe format codes and ensure null-termination on overflow - CVE-2026-6475: prevent path traversal in pg_basebackup and pg_rewind via path_is_safe_for_extraction() - CVE-2026-6477: libpq: harden PQfn() / pqFunctionCall3 against server-controlled buffer overruns in lo_read() - CVE-2026-6478: authentication: add timingsafe_bcmp() helper and apply it in MD5 / SCRAM / RADIUS / plain auth paths - CVE-2026-6479: postmaster: bound SSL/GSS negotiation recursion in ProcessStartupPacket() - CVE-2026-6637: refint contrib: prevent SQL injection and buffer overruns in check_primary_key / check_foreign_key
CVEs fixed:
Updated packages:
  • postgresql-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:3949444c2464d928459beaaea396f4685327178aa3e1dac320428460703dc983
  • postgresql-contrib-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:546fc0fa92b5f20a00797c83c6b1974b4e2c126265429be321e90d8686f3f1a8
  • postgresql-docs-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:24d64deda7b5861492a01165087a807119363e75243737a4e76d2ec8214b5304
  • postgresql-plperl-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:d5b5d73f3163dfdf02038f94486d3057f23e7951168d1912403403761cc82d18
  • postgresql-plpython3-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:62d09de6d7d3819adb15d536d893de159f08b48dc260698e2f318880d1b81413
  • postgresql-pltcl-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:ab943b3c1933312e2dccad3c73bf319cfcbf243bb962399e9bb70483eee38b0f
  • postgresql-server-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:3e4dc14be0f15cd7d028000a812a92f150f258dea54fdd81328521c4f1fe44e3
  • postgresql-server-devel-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:fa0a26beb3eb9e8dfa41665265d181eaa8adcd44d9dd68f1c191b856f7a75100
  • postgresql-static-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:e6e171c82feb654fc55bebf9775fec4d1af2dd1152c46184742f804c04197b0d
  • postgresql-test-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:94d4ca38254e29cc9d32d9804a055ad3d8e31332be6048025ed5e7e300893cf7
  • postgresql-test-rpm-macros-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.noarch.rpm
    sha:767d14c9446d53f9a3de2065811a44844ab4e008f6d58ed12bc8d67755ddf3df
  • postgresql-upgrade-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:21017c8be01a298cd132e2b73764a42037b1fec51dcb84884e71f02a2be59f8d
  • postgresql-upgrade-devel-13.23-2.module_el8+2415+b49622e4.tuxcare.els2.x86_64.rpm
    sha:cdeedee9f933da16878e8db93603c3dd8bdc488edd8b601be55c3b4bf6364dfb
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.