[security - high] postgresql:15 security update, postgresql-15.17-1.module+el8+1962+d4ccd1dd
Errata ID: AXSA:2026-331:01
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Modularity name: "postgresql"
Stream name: "15"
Update packages.
SRPMS
- pgaudit-1.7.0-1.module+el8+1962+d4ccd1dd.src.rpm
Size: 52.57 kB
- pg_repack-1.4.8-1.module+el8+1962+d4ccd1dd.ML.1.src.rpm
Size: 102.82 kB
- postgres-decoderbufs-1.9.7-1.Final.module+el8+1962+d4ccd1dd.src.rpm
Size: 23.30 kB
- postgresql-15.17-1.module+el8+1962+d4ccd1dd.src.rpm
Size: 51.25 MB
Asianux Server 8 for x86_64
- pgaudit-1.7.0-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 28.33 kB
- pgaudit-debugsource-1.7.0-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 24.11 kB
- pg_repack-1.4.8-1.module+el8+1962+d4ccd1dd.ML.1.x86_64.rpm
Size: 94.55 kB
- pg_repack-debugsource-1.4.8-1.module+el8+1962+d4ccd1dd.ML.1.x86_64.rpm
Size: 50.73 kB
- postgres-decoderbufs-1.9.7-1.Final.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 23.82 kB
- postgres-decoderbufs-debugsource-1.9.7-1.Final.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 18.27 kB
- postgresql-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 1.74 MB
- postgresql-contrib-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 970.14 kB
- postgresql-debugsource-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 18.97 MB
- postgresql-docs-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 10.38 MB
- postgresql-plperl-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 73.34 kB
- postgresql-plpython3-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 92.70 kB
- postgresql-pltcl-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 45.57 kB
- postgresql-private-devel-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 65.01 kB
- postgresql-private-libs-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 133.23 kB
- postgresql-server-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 6.17 MB
- postgresql-server-devel-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 1.37 MB
- postgresql-static-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 153.57 kB
- postgresql-test-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 2.18 MB
- postgresql-test-rpm-macros-15.17-1.module+el8+1962+d4ccd1dd.noarch.rpm
Size: 10.33 kB
- postgresql-upgrade-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 4.51 MB
- postgresql-upgrade-devel-15.17-1.module+el8+1962+d4ccd1dd.x86_64.rpm
Size: 1.18 MB