[CLSA-2026:1779493861] postgresql: Fix of 6 CVEs
Type:
security
Severity:
Low
Release date:
2026-05-22 23:51:06 UTC
Description:
- CVE-2026-6473: use palloc_array() in hstore_plperl/hstore_plpython to avoid integer overflow on 32-bit systems
- CVE-2026-6474: guard pg_strftime() callers against unsafe conditions and ensure null-terminated output to prevent format-string leak via crafted timezone names
- CVE-2026-6475: prevent path traversal in pg_rewind file operations by validating paths received from a rogue server endpoint
- CVE-2026-6477: add buf_size bounds-checking to pqFunctionCall3() and gate PQfn() via a new PQnfn() helper to prevent client-side buffer overrun in the large object interface (lo_export/lo_read/lo_lseek64/lo_tell64)
- CVE-2026-6479: track processed SSL/GSS negotiation attempts in ProcessStartupPacket() to prevent unbounded recursion causing backend stack overflow
- CVE-2026-6637: switch refint check_foreign_key() to StringInfo and quote key values to prevent SQL injection and stack buffer overruns
Updated packages:
  • postgresql-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:4cb9ad4ed2cd3881a6eac3756513c8a3b29248635cc743e5b011d752aea012e6
  • postgresql-contrib-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:2947c4fbd251ca8ea1342b4b65dfa5b238f9e2947ea8bd6c92824b395ecc491a
  • postgresql-docs-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:8e24be0986e281972e4e44ecfdca9d7d2b83a2c4015c473c2d43739b41c10876
  • postgresql-plperl-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:02964f7951e46288375ce5dd5147b83320972ed6a3313f53cc2490eace0795e5
  • postgresql-plpython3-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:cfa7871d8d9added0092fe1b19d9851eef7f69c25fd73d21d98dd2684a3d9b11
  • postgresql-pltcl-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:2479d5a0dc36883ea4febe35c94525d734aa30c9b46d233d4b10934db20da690
  • postgresql-private-devel-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:1defb615faf088dd648055ab9d682298580bb6a0fa761821d456d4ef6335ef3a
  • postgresql-private-libs-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:fc23eb29082a2843f5aa1cd44027f999cd8515a11d9c5737f2c28962168ba8cc
  • postgresql-server-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:ae525fd6e734bd7b5fffc0ee243216012fa40f11ef84491c201bd50eb1fa2468
  • postgresql-server-devel-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:7e70223b1c1293a831cad3ebbf28065e87ecf22984eb457b1f01ea1148ffbc79
  • postgresql-static-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:83d4c88268b4cde1a531bed542d2a6d86bc002b6b4d9853b0cf6cb68a199fc02
  • postgresql-test-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:eeae60ddbad143265f03c72cdb93c27e76c1772a64b4c021d4613d74c8736dee
  • postgresql-test-rpm-macros-13.23-1.el9_6.tuxcare.els6.noarch.rpm
    sha:35606a83dd6eb89f0cdb0fb68f16232c8ce29d62b4fd14fab4ff11cfff9d8a28
  • postgresql-upgrade-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:fc860d84062729384da7f6a89d8d77865df77fcab19f980ca74abe73a0e37547
  • postgresql-upgrade-devel-13.23-1.el9_6.tuxcare.els6.x86_64.rpm
    sha:b28c31ed524c1f02c9daf879568d069d114f0791bf494f5261f388144d133e69
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.