[security - high] postgresql:13 security update, postgresql-13.23-2.module+el8+1961+24ad1a4d

エラータID: AXSA:2026-327:01

Release date: 
Tuesday, March 17, 2026 - 22:06
Subject: 
[security - high] postgresql:13 security update, postgresql-13.23-2.module+el8+1961+24ad1a4d
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Modularity name: "postgresql"
Stream name: "13"

Solution: 

Update packages.

CVEs: 
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. pgaudit-1.5.0-1.module+el8+1961+24ad1a4d.src.rpm
    MD5: 71dc4f02c82e4799a37f74a030762d09
    SHA-256: 19638b8cbffb8b7126f5f05998ef58fbc6d998309ce3f21ed99e2ae172091f19
    Size: 42.60 kB
  2. pg_repack-1.4.6-3.module+el8+1961+24ad1a4d.src.rpm
    MD5: d9ad9f18c3b9f33748bf33ad106f019d
    SHA-256: 706443670479ece8550870066f294f281c03b29572936f163a7c034e88dc3253
    Size: 100.99 kB
  3. postgres-decoderbufs-0.10.0-2.module+el8+1961+24ad1a4d.src.rpm
    MD5: ec7fef764f3ec7f24ee89addbf893727
    SHA-256: 52eb887b2e63bb05e2979df4455e0834aa6774d418dfcdad220ea5048c478f56
    Size: 21.13 kB
  4. postgresql-13.23-2.module+el8+1961+24ad1a4d.src.rpm
    MD5: 2e3affc0b126827b6bc0cd43d59b1b9e
    SHA-256: 18268a63eaca43ec1407104122c1408f62445d144c673fbb58f519f1a4aae097
    Size: 48.99 MB

Asianux Server 8 for x86_64
  1. pgaudit-1.5.0-1.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: cb0bc05708a623f9c79700e480d52b51
    SHA-256: a8d578d2bd37b7849a675bd23cec1107d50a48d90faedd678d168b09651686a8
    Size: 27.03 kB
  2. pgaudit-debugsource-1.5.0-1.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: eeafba73bd985af8a468bf7f7d1bb92b
    SHA-256: 5292dfa2c3ccca5e9d78fa95c746ff79021ed0c08e7562db804a4b5ac63cbaab
    Size: 22.80 kB
  3. pg_repack-1.4.6-3.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: 88cba4f01b0ecf40a1c1c37f09518ea1
    SHA-256: 5cf11c461251a8e361e773585b24909c8d5fb2513ff8c2fc9a7c1fab5c2add1f
    Size: 89.70 kB
  4. pg_repack-debugsource-1.4.6-3.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: 750edda3fe62a471b0c33db9039fe814
    SHA-256: 5ed2a9771ca3e5c172d5a8636e13347cff7cfafacf344dde4a6aa5462553a52b
    Size: 49.69 kB
  5. postgres-decoderbufs-0.10.0-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: bc1bcd11d37c47dd5bc99dcca7655db1
    SHA-256: d39e197fb5dccd675d3d1d99bd3c960240ddc14c23cc213bd8dbca84c5e5ed68
    Size: 21.91 kB
  6. postgres-decoderbufs-debugsource-0.10.0-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: fac597a01eff78cf30171ce5486e6eb4
    SHA-256: 516884cd354da7e945cb6abf7fc9f5a8b121cc37a51a7c23ebb363b56bcab341
    Size: 16.81 kB
  7. postgresql-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: 51e1393b453387dac0ddef896b4800d9
    SHA-256: b25328378cfdfc08a82d26eadfc1ddd868fd4f10aea5824499b8dcb599fc362e
    Size: 1.58 MB
  8. postgresql-contrib-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: 44f219410ade6fbe2d6bec78c3d8031b
    SHA-256: 335dbf2c434130562ca9011e57bb576d90107fde3ff85bda0ae92c75b2fe8cb0
    Size: 884.69 kB
  9. postgresql-debugsource-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: e8bd789ab4726ad6af8a7a0bce8fdf7f
    SHA-256: 03ce105c653fc7ad293f6a04b83dc470ef7ea835d5ec6170ecfc985ce04bf427
    Size: 17.90 MB
  10. postgresql-docs-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: dec197d6b073f5e89c30d41a64543004
    SHA-256: c9a312d23d7830c907ff0801e8a78941c1007a1db9fb28aac6977bae22ab8b3f
    Size: 9.96 MB
  11. postgresql-plperl-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: 3290e26f635532ca3372750c03aa4a7b
    SHA-256: 265c1c2fa7d7a01586454b1e1a2f77e61628e3c79243987d5a762d9795c37a8d
    Size: 113.19 kB
  12. postgresql-plpython3-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: 108b34157e942ef3632b7e0f76d24b74
    SHA-256: 2784031171a2bb0c9ae17bf2a458c79598eae510fb3cb55270df9dcf1c140155
    Size: 129.48 kB
  13. postgresql-pltcl-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: 7fb3db3a8fc7e1cbc9e87826cdc15a92
    SHA-256: 7b4db6a9e8594ed46658ec1d44c93da532fce94405a55580cbacd471134cc6f8
    Size: 86.01 kB
  14. postgresql-server-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: de78b598adc216666806fef91e601bf2
    SHA-256: 9fd31bbb530d0486523e9e8e11ae710f162236d2ad86ba60faed1aabb1138128
    Size: 5.61 MB
  15. postgresql-server-devel-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: 20bfaef607ab9cbd86e7493aad027b8e
    SHA-256: 5c6e7760ce0117109a65a482a7caac2fc545b7ec951aa0f5a23bb7f494be38fd
    Size: 1.27 MB
  16. postgresql-static-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: 688fb05689e2ea733c3374d6125a6cb1
    SHA-256: 8249141b8309d5cf7d1d3417eeb82808def6e6a16f552639c92b9e94a8ac9585
    Size: 190.87 kB
  17. postgresql-test-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: c1ee8b06ae6faabbcba82706b6bb7573
    SHA-256: 49edf062cac44a42485c7a3c42bee4e597ec8f56514fdf2943bc0f5cb42b8c50
    Size: 2.06 MB
  18. postgresql-test-rpm-macros-13.23-2.module+el8+1961+24ad1a4d.noarch.rpm
    MD5: affd53a3a68f49a44f7404b378ac7430
    SHA-256: 02193d5967f80224ef9b49d4c200302c039e4251e5880c8d7f6294e87b976052
    Size: 53.33 kB
  19. postgresql-upgrade-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: fd4ab1f2b38f6b1e7b2a661c427dd973
    SHA-256: d984b53405553d36f496f3336d2b3b8c4a1be88e9d6eb2e26b5c5cd31d4b45f3
    Size: 4.39 MB
  20. postgresql-upgrade-devel-13.23-2.module+el8+1961+24ad1a4d.x86_64.rpm
    MD5: 11f25e94a24cd54c39ada7bf7d00dd50
    SHA-256: 2cd9730df7aed6eabbb02c2285716200017a68ae231cc004b00cd4db94e48f9a
    Size: 1.18 MB