[security - high] postgresql:15 security update, postgresql-15.17-1.module+el9+1133+9f326c3d
エラータID: AXSA:2026-325:01
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Modularity name: "postgresql"
Stream name: "15"
Update packages.
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
N/A
SRPMS
- pgaudit-1.7.0-1.module+el9+1133+9f326c3d.src.rpm
MD5: de919fae3ea0562b44efc16bfcba801a
SHA-256: 26b392ad15632ec638fd238b41dd75b04c431ab8c22cc9724a16602178d245d0
Size: 51.24 kB - pg_repack-1.4.8-2.module+el9+1133+9f326c3d.src.rpm
MD5: 9357a171f46220474c5b9fd44e3bf30b
SHA-256: e40150d8a8f9586b914eb4fd75832336f7d2b4cc85569ab2d0d405513c8e9b1b
Size: 102.34 kB - postgres-decoderbufs-1.9.7-1.Final.module+el9+1133+9f326c3d.src.rpm
MD5: 1b0a18b2b010e49d11f49a02d3e84f8b
SHA-256: b340aeefdc126fb94faf33efa6e542d8083871ab3181859743461ec4840f37a8
Size: 21.45 kB - postgresql-15.17-1.module+el9+1133+9f326c3d.src.rpm
MD5: d8c0f49e00c035e1005221087de86f60
SHA-256: cb5d61fbc221bf7a723fb541e3feb45707cb5e8a43f7a8e7771b6ddfcf04f6cb
Size: 51.26 MB
Asianux Server 9 for x86_64
- pgaudit-1.7.0-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 7e27010cadee3048ce47c3a8ce0010a4
SHA-256: 37775e69c84a2b6a43f79c63e34f315c980c164cff4ad0473ce4221e0e0a8749
Size: 27.49 kB - pgaudit-debugsource-1.7.0-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 90275dbdd3b11793166e372c299c94c5
SHA-256: 22d8a0249f406b50ccf4c9bc89dc296c6dc244de8473f6602eb829d85563ae1f
Size: 22.29 kB - pg_repack-1.4.8-2.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 083f610f48f16e4ee9ed21bc9c50d547
SHA-256: ed75207756a3161214de6eb0acb0d853303e7b889a37e9361042f1dae4f4a269
Size: 90.02 kB - pg_repack-debugsource-1.4.8-2.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 786ba296d6a1501dacffaca766fcf38a
SHA-256: 7e123515ed62aa5af4af77e55a175647cda8beca1b2f3d38137fa84c39dbf00d
Size: 48.09 kB - postgres-decoderbufs-1.9.7-1.Final.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 02da8904bb5e6cecfc8204df3c4697e0
SHA-256: 5eb48fcf9e8a326549ed95625025c2c1e3de074b1c08dbf8e32703e2a7795ed3
Size: 22.72 kB - postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 16710ef475a8e3e0ca40a8dd9477d41c
SHA-256: 3313578f358fa1ac6070f7fee2b8b929fa6e0cb8aa616cccbcfe5be03d0ecf83
Size: 16.56 kB - postgresql-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: ddad2ac58e8eca2259aecf65d342ff74
SHA-256: ae6948c2c3123618eeba416a00b39a04b74a133f175737c662f7c3b14cbab7b0
Size: 1.74 MB - postgresql-contrib-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 4974c02c5fa32df1347d3737dc040087
SHA-256: 1e4475f6b6a5770731f0b4b0bb56e668194d8412ac096f266c70da9ab40d0477
Size: 0.98 MB - postgresql-debugsource-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 00696f9b785c55dd2d27220aff41ef86
SHA-256: cb5f833c20f2fdc9876de74b351021a764e69087d60f0909e02fa490b75a85d2
Size: 16.20 MB - postgresql-docs-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: e9ac7a7d236a05179b13061bcf8838ed
SHA-256: 3eb4c45e960245ad1a7e869762c77b8b741d1c7902a7f41cd8aa16ab41b33410
Size: 10.11 MB - postgresql-plperl-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 0e2d6f1feafa22204c6aa2a8ac19ca20
SHA-256: f5f417e54bee444df00c47819a4ad26ae32b9c6358595607178b4fc62536678c
Size: 77.95 kB - postgresql-plpython3-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 0052d02014f930f8a862ffa0038f3f60
SHA-256: 2eb798845ffe37adefa4522130fc9a5e65626b85d129d639bde52cee2e52735a
Size: 100.76 kB - postgresql-pltcl-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 0582741ba3c1f12b829ccf5483afea4d
SHA-256: 48e0b6b02f1480e7cd9353e759ee4e7bbcee223e2e916333285670bc6b15ebef
Size: 51.95 kB - postgresql-private-devel-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 88953fe71f427222f5fde32765167190
SHA-256: 122ebac1482347590af346ee32397f0218e4a2b00ba1508562cea74af2a1a9f3
Size: 67.29 kB - postgresql-private-libs-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: c8614fc01134df63175c7101e071598a
SHA-256: c40290107518c25ef2f842b1524d876b7dcbe975f70b02f5d875a6eb20ec0597
Size: 143.94 kB - postgresql-server-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 0aad7a9f5050c7c9293f952c5b7897e0
SHA-256: b3085440655d20704e59884388d55e7210bcaf6fe8ea79c8bc63264e4af5abb6
Size: 6.29 MB - postgresql-server-devel-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: f183817145dc71726f050e96f9bd0063
SHA-256: 53a13fdd5e3fe9cf40dc94b1d0007d466f0ddab3b570b8a4eb8e6df47c4186e9
Size: 1.46 MB - postgresql-static-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: fb27b4744d78dded416c1d9e24e74c79
SHA-256: f9320e0d7725922ba83c83dc5521147d6c9185f1449d0b0491b99d3e9b042bde
Size: 129.42 kB - postgresql-test-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 5b1ba06dd7cefe5823e3db6999cb294a
SHA-256: c8df3d29ccaacd683f0702827c3fa6811814e28367bad323d1a59052281458f7
Size: 1.72 MB - postgresql-test-rpm-macros-15.17-1.module+el9+1133+9f326c3d.noarch.rpm
MD5: 00f50752a15536193ea184200c1b2d9b
SHA-256: 03f62f1f517194e8000adfc9c2fcdec31c9e8a7fdca6be2571a915abb30cb792
Size: 9.71 kB - postgresql-upgrade-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 0e67f6e911e2cb363d75c8f573d395d7
SHA-256: e055f1754ea581993b4eba5fbd3795e0b21bdbeddf215a59ebb588e081cb2e83
Size: 4.77 MB - postgresql-upgrade-devel-15.17-1.module+el9+1133+9f326c3d.x86_64.rpm
MD5: 55b4957c69b4427cd9ea78e52ade1044
SHA-256: 99d813590cf5ecc2e28695c780248d23c6f3f73c7e4b4f5dd6411007698fcb01
Size: 1.24 MB