{
  "document": {
    "aggregate_severity": {
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "* SECURITY UPDATE: PostgreSQL 2026-05-14 security batch (CVE-2026-6473,\n     6474, 6475, 6477, 6478, 6479, 6637). Backports adapted from upstream\n     REL_14_STABLE to PG 12 source.\n     - debian/patches/CVE-2026-6473.patch: integer wraparound in ts_headline\n       and ltree lquery parsing; bound StartSel/StopSel/FragmentDelimiter to\n       PG_INT16_MAX and add overflow checks in parse_lquery (no\n       pg_add_u16_overflow() in PG 12, manual PG_UINT16_MAX compare).\n     - debian/patches/CVE-2026-6474.patch: externally-controlled format\n       string in timeofday() via pg_strftime() with crafted timezones; guard\n       against unsafe conditions.\n     - debian/patches/CVE-2026-6475.patch: symlink following in\n       pg_basebackup plain format and in pg_rewind allowing origin\n       superuser to overwrite local files.\n     - debian/patches/CVE-2026-6477.patch: mark PQfn() unsafe and fix\n       overrun in libpq lo_export/lo_read/lo_lseek64/lo_tell64 frontend\n       LO interface.\n     - debian/patches/CVE-2026-6478.patch: covert timing channel in MD5\n       password comparison; replace memcmp with timingsafe_bcmp in SCRAM\n       and MD5 password verification paths.\n     - debian/patches/CVE-2026-6479.patch: uncontrolled recursion in\n       ProcessStartupPacket() via alternating SSL/GSS negotiation requests.\n     - debian/patches/CVE-2026-6637.patch: stack buffer overflow in the\n       refint contrib module with attacker-controlled column names.\n     - CVE-2026-6473\n     - CVE-2026-6474\n     - CVE-2026-6475\n     - CVE-2026-6477\n     - CVE-2026-6478\n     - CVE-2026-6479\n     - CVE-2026-6637",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu20.04els/advisories/2026/clsa-2026_1779494089.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-05-22T23:56:15Z",
      "generator": {
        "date": "2026-05-22T23:56:15Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1779494089",
      "initial_release_date": "2026-05-22T23:56:15Z",
      "revision_history": [
        {
          "date": "2026-05-22T23:56:15Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "Fix of 7 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ubuntu 20.04",
                "product": {
                  "name": "Ubuntu 20.04",
                  "product_id": "Ubuntu-20",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Ubuntu"
          }
        ],
        "category": "vendor",
        "name": "Canonical Ltd."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/postgresql-plperl-12@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libecpg6@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/postgresql-12@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/postgresql-plpython3-12@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/postgresql-client-12@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libpgtypes3@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/postgresql-server-dev-12@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/postgresql-pltcl-12@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libpq-dev@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libecpg-compat3@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libpq5@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                "product": {
                  "name": "libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_id": "libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libecpg-dev@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=amd64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
                "product": {
                  "name": "postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
                  "product_id": "postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/postgresql-doc-12@12.22-0ubuntu0.20.04.4%2Btuxcare.els1?arch=all"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "all"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all"
        },
        "product_reference": "postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        },
        "product_reference": "libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-6637",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
      },
      "notes": [
        {
          "category": "description",
          "text": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database.  A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates user-controlled updates to that column.  In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "title": "Vulnerability description"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
          "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6637"
        },
        {
          "category": "external",
          "summary": "https://www.postgresql.org/support/security/CVE-2026-6637/",
          "url": "https://www.postgresql.org/support/security/CVE-2026-6637/"
        }
      ],
      "release_date": "2026-05-14T14:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-22T23:54:51.488627Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089",
          "product_ids": [
            "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
            "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    },
    {
      "cve": "CVE-2026-6473",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds.  This may execute arbitrary code as the operating system user running the database.  In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "title": "Vulnerability description"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
          "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6473"
        },
        {
          "category": "external",
          "summary": "https://www.postgresql.org/support/security/CVE-2026-6473/",
          "url": "https://www.postgresql.org/support/security/CVE-2026-6473/"
        }
      ],
      "release_date": "2026-05-14T14:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-22T23:54:51.488627Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089",
          "product_ids": [
            "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
            "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    },
    {
      "cve": "CVE-2026-6474",
      "cwe": {
        "id": "CWE-134",
        "name": "Use of Externally-Controlled Format String"
      },
      "notes": [
        {
          "category": "description",
          "text": "Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted time zones.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "title": "Vulnerability description"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
          "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6474"
        },
        {
          "category": "external",
          "summary": "https://www.postgresql.org/support/security/CVE-2026-6474/",
          "url": "https://www.postgresql.org/support/security/CVE-2026-6474/"
        }
      ],
      "release_date": "2026-05-14T14:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-22T23:54:51.488627Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089",
          "product_ids": [
            "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
            "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    },
    {
      "cve": "CVE-2026-6479",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "description",
          "text": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service.  If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
          "title": "Vulnerability description"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
          "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6479"
        },
        {
          "category": "external",
          "summary": "https://www.postgresql.org/support/security/CVE-2026-6479/",
          "url": "https://www.postgresql.org/support/security/CVE-2026-6479/"
        }
      ],
      "release_date": "2026-05-14T14:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-22T23:54:51.488627Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089",
          "product_ids": [
            "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
            "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    },
    {
      "cve": "CVE-2026-6477",
      "cwe": {
        "id": "CWE-242",
        "name": "Use of Inherently Dangerous Function"
      },
      "notes": [
        {
          "category": "description",
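          "text": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response.  Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size.  Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.  PostgreSQL 12, the version packaged in this advisory, is not among those upstream branches; the packages listed as fixed carry a backport of the upstream fix.  The overwritten memory belongs to the client, so hosts that only run psql, pg_dump or other libpq clients against a server they do not control need the updated libpq5 and postgresql-client-12 packages as well.",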
          "title": "Vulnerability description"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
          "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6477"
        },
        {
          "category": "external",
          "summary": "https://www.postgresql.org/support/security/CVE-2026-6477/",
          "url": "https://www.postgresql.org/support/security/CVE-2026-6477/"
        }
      ],
      "release_date": "2026-05-14T14:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-22T23:54:51.488627Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089",
          "product_ids": [
            "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
            "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    },
    {
      "cve": "CVE-2026-6478",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "notes": [
        {
          "category": "description",
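          "text": "Covert timing channel in comparison of MD5-hashed passwords in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate.  This does not affect scram-sha-256 passwords, the default in all supported releases.  However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.  PostgreSQL 12, the version packaged in this advisory, is not among those upstream branches and defaults password_encryption to md5, so MD5-hashed passwords are likely present unless that setting was changed; the packages listed as fixed carry a backport of the upstream fix.",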
          "title": "Vulnerability description"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
          "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6478"
        },
        {
          "category": "external",
          "summary": "https://www.postgresql.org/support/security/CVE-2026-6478/",
          "url": "https://www.postgresql.org/support/security/CVE-2026-6478/"
        }
      ],
      "release_date": "2026-05-14T14:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-22T23:54:51.488627Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089",
          "product_ids": [
            "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
            "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    },
    {
      "cve": "CVE-2026-6475",
      "cwe": {
        "id": "CWE-61",
        "name": "UNIX Symbolic Link (Symlink) Following"
      },
      "notes": [
        {
          "category": "description",
          "text": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account.  It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries.  Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.  PostgreSQL 12, the version packaged in this advisory, is not among those upstream branches; the packages listed as fixed carry a backport of the upstream fix.",
          "title": "Vulnerability description"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
          "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
          "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-6475"
        },
        {
          "category": "external",
          "summary": "https://www.postgresql.org/support/security/CVE-2026-6475/",
          "url": "https://www.postgresql.org/support/security/CVE-2026-6475/"
        }
      ],
      "release_date": "2026-05-14T14:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-22T23:54:51.488627Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089",
          "product_ids": [
            "Ubuntu-20:libecpg-compat3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libecpg6-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpgtypes3-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq-dev-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:libpq5-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-client-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-doc-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.all",
            "Ubuntu-20:postgresql-plperl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-plpython3-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-pltcl-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64",
            "Ubuntu-20:postgresql-server-dev-12-0:12.22-0ubuntu0.20.04.4+tuxcare.els1.amd64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779494089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ]
    }
  ]
}