[security - high] postgresql:16 security update, postgresql-16.13-1.module+el8+1963+dcdf7ecc
エラータID: AXSA:2026-332:01
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Modularity name: "postgresql"
Stream name: "16"
Update packages.
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
N/A
SRPMS
- pgaudit-16.0-1.module+el8+1963+dcdf7ecc.src.rpm
MD5: f3643b99ea9b304d4702335cc1bcc513
SHA-256: ab8771299e0ca9826e6a1a3cbb23b5b6cf4a4aeb05f3c67b214f8f6dced966e9
Size: 52.51 kB - pg_repack-1.5.1-1.module+el8+1963+dcdf7ecc.src.rpm
MD5: 3569f348023fea78c31de5485b79078a
SHA-256: b85c8db9fce57432c85660a142b2ea0b44c81d444fb935ce18687981e8e2d0de
Size: 104.88 kB - postgres-decoderbufs-2.4.0-1.Final.module+el8+1963+dcdf7ecc.src.rpm
MD5: 3da5e360b49b523f4ab97ddf37a94869
SHA-256: a4e9a19f484cf66f008f9466ae4833b7b282d9f728809438efc0a92f01268f4b
Size: 21.11 kB - postgresql-16.13-1.module+el8+1963+dcdf7ecc.src.rpm
MD5: 0d4c7ddc8176effa89b329342f8183d3
SHA-256: 70c7fe481bebe473ac0ebca514012dc92e379e3ea0b61c7e53be0fa75b494553
Size: 46.14 MB
Asianux Server 8 for x86_64
- pgaudit-16.0-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 12002ce8965f4e93b52b07acda379785
SHA-256: c2e7bc9beb1bca5eb6fdf795a4a9c1b557ce0d38caf499593d9e7abe93e8a0c1
Size: 27.45 kB - pgaudit-debugsource-16.0-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 7c8cd5ea299fdbbc90cd19e4c61cc003
SHA-256: 2147647fbecfb77326969cc3775b2ac530fedffe5bd851da5780314e8f8aaf1e
Size: 23.57 kB - pg_repack-1.5.1-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: bcd9b9b1a8e9a4d85ae5dffc6b46224d
SHA-256: ec647361853dcc21324aff7e11934d4d77475fda396922eeccd5d5f249d4d346
Size: 95.38 kB - pg_repack-debugsource-1.5.1-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: a11168d7dde93dd0db472e480fb8d022
SHA-256: 714a4da83f7c15a511eaa2a5aca46d3856284393620bc195ea469909ac08957e
Size: 50.82 kB - postgres-decoderbufs-2.4.0-1.Final.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 070d6fedc8ba1d80a0edc41f0334daa1
SHA-256: 5fb76d3d1b642d92aa639acecd0f1d7b6e19712ecc1cf943f5dfcb5427dedb8d
Size: 22.14 kB - postgres-decoderbufs-debugsource-2.4.0-1.Final.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: c92743c40f4028f6aedc172288f6b6d9
SHA-256: 59d6e097c619fbec8c489d3f10818311c26d86ce97d164f9d809bdc1fe6b55fa
Size: 16.73 kB - postgresql-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 49c3e43d3b39d5262f94c0622b959c66
SHA-256: 82c5716eec177025bd9d6c6123e8e0eca52834ea2b96fefb225f8b02962fe8d9
Size: 1.96 MB - postgresql-contrib-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 71f9f50a0c5251ae343cec220c6aafe4
SHA-256: 7b375b80a8f4ebfc9ea21b5ff66d036ec69814d7daaa50c9d9a70c22d2e1a502
Size: 0.98 MB - postgresql-debugsource-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: d87a0e376b94bd6448a7e556a87e35c6
SHA-256: af906917503f19b4372cd4ac14742a9cddddedddfa37f3ac6198d17b69101586
Size: 19.93 MB - postgresql-docs-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 24ca8f5ae256abb20d1aeda829a08a53
SHA-256: 50a7bee8c3e63d99d8188916c536485754497f55a164ec674504162c1f0fb8d9
Size: 2.52 MB - postgresql-plperl-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 529cd3b1a91bbe95db507b2d2c612d13
SHA-256: e38f72884caa575413c6c91cd7b70c709c83734c2288c3d2eab1beb908e1af15
Size: 75.49 kB - postgresql-plpython3-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 13fb62d86480261ef81a2a423067733a
SHA-256: 3f1916ac21066f16240071c117a2a210236cc5f5b057c02a2903e9d9c8ba83c6
Size: 94.07 kB - postgresql-pltcl-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: eebb6988a1a5bc7b9dc903ad980e6d34
SHA-256: ddb1e2d8182a1421cdc2ae6d0c21d71014093e634cf036e852cb0abe12a1e45e
Size: 46.84 kB - postgresql-private-devel-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 3b95a4724541f7e17b7b33144e9ff9e1
SHA-256: 5d3b8c8b09847f78864a9281df5527ef7a2b00a34d84b87e35fda2520edc9e9a
Size: 63.96 kB - postgresql-private-libs-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: ead7fe95c7828c2027682eb9988ffef3
SHA-256: 5bbc32e87282f67b785f54ae0eee752106995d8771cd2dacbd856ecdba9571b1
Size: 136.52 kB - postgresql-server-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 68b6e53d5424c57a943bd01db391a57c
SHA-256: e7b33bc32053f55265500d5e05d8b7bd103059ad7faf275ffa611993e40ae46e
Size: 6.89 MB - postgresql-server-devel-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 8a1a9e562d0e5d55d370de74e1460942
SHA-256: fbff4eed749015165067be5b13556966e9f9e65cb12aaa06ae3ddbcee5cd9b24
Size: 1.41 MB - postgresql-static-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: a495fd6a5c00c6a507b2f5c4cdadd73a
SHA-256: e3d2bdc0b6b6217a7e754d7fddfd9a0fc83c9b65b8d507eccdfc2ffae2056542
Size: 156.60 kB - postgresql-test-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: cf37e871a2009aaa400192330757f300
SHA-256: a9f3ff9d306cb9cc82c25eedeca915519cd53e979d5308f403d6753da3f89535
Size: 2.25 MB - postgresql-test-rpm-macros-16.13-1.module+el8+1963+dcdf7ecc.noarch.rpm
MD5: 5e450821cf03ae957e44f6863ae1805f
SHA-256: caec9b4ec319b3d1365095b5f87c02d8a6c11c167863c3b5eebfe53fd49f658c
Size: 10.46 kB - postgresql-upgrade-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 63b688191838dcdbbc846e4935c0555d
SHA-256: 27b1c6e3b49ff375fc52463224f6dc964d63835384611eab7797a0ad3a8bec58
Size: 4.91 MB - postgresql-upgrade-devel-16.13-1.module+el8+1963+dcdf7ecc.x86_64.rpm
MD5: 75ea08afc893cc9c409d15076f74b967
SHA-256: 10bbc3e59faa959d4629607f4303b3d259896922ee1236a77cab95696058fe2f
Size: 1.33 MB