[CLSA-2026:1783433926] Fix CVE(s): CVE-2026-6473
Type:
security
Severity:
Important
Release date:
2026-07-07 14:19:03 UTC
Description:
* SECURITY UPDATE: integer-overflow and buffer-overrun hazards in size calculations across memory allocation, regex, formatting, array, ltree/intarray, tsearch, ICU locale-related code and SCRAM Unicode normalization code - debian/patches/CVE-2026-6473.patch: introduce overflow-safe palloc_array/repalloc_array allocation helpers and pg_add_size_overflow, add explicit MaxAllocSize/INT_MAX bound checks in regex compilation and DFA allocation, formatting.c, array_agg, ltree/intarray and ts_headline paths, use overflow-safe palloc_array in the ICU string conversion helpers icu_to_uchar (src/backend/utils/adt/pg_locale.c) and icu_convert_case (src/backend/utils/adt/formatting.c), and guard the SCRAM SASLprep decomposition size in src/common/unicode_norm.c against integer overflow - CVE-2026-6473
CVEs fixed:
Updated packages:
  • libecpg-compat3-11_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:f0c8a732a50e1011389af3088246990f4dbf2713
  • libecpg-dev-11_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:4b5145784a7da9f5ec4bb47de58bddad12a60f77
  • libecpg6-11_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:380c20fd87def27f59c40d2badbc050e1397ad72
  • libpgtypes3-11_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:86fc3df08cbe3442c81fdcd216c0a9ca2a55aa33
  • libpq-dev-11_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:5e853f7c4ffcd1b4856f81681b08f36c71286b0b
  • libpq5-11_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:1c321dc0b27557f84764c82a0bb78764679819ac
  • postgresql11_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:05e6bef0794c96fdf49881eae6ca90f226bef63a
  • postgresql11-client_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:9f48d8ab35c594938c97b37ec2a8d28a4cfdced8
  • postgresql11-doc_11.22-1~bookworm+tuxcare.els12_all.deb
    sha:0e0f761d498bf840321dc521caec57b5b0f4370a
  • postgresql11-plperl_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:6d173f7641641240bbb2e854e6cb0b696294f00e
  • postgresql11-plpython3_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:2024ca6b6cb8d0d6831cd5f39a2f81dcbc794607
  • postgresql11-pltcl_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:66b0746491e239d5f89992db23e9bc35ea7f3215
  • postgresql11-server-dev_11.22-1~bookworm+tuxcare.els12_amd64.deb
    sha:e4945101d07b9a692ccb1203349afcc954ffccba
  • libecpg-compat3-11_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:e0362307fd7066a001181347526cf5f9b271450a
  • libecpg-dev-11_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:4f64459172777d13735d4f6d13efd495b4f73a23
  • libecpg6-11_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:530ecc4f3b97c6da58fc3136b0beeaf574527ca0
  • libpgtypes3-11_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:e88b9db7a1a3a8c9b3e10ce6133f61b69d4870a6
  • libpq-dev-11_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:942969fc7229c1f8c9ece6bd66ee9f4d880c957a
  • libpq5-11_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:dae0bdfff4589873e20c93813c5ff8d42e8391ab
  • postgresql11_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:63aac7de3badfc284e50cdc50c0de9a9490bfd27
  • postgresql11-client_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:a4f7d65e255ea3cdb5af9ed02174fa88b91d66d9
  • postgresql11-doc_11.22-1~bookworm+tuxcare.els12_all.deb
    sha:0e0f761d498bf840321dc521caec57b5b0f4370a
  • postgresql11-plperl_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:e9290e9a19d3beee04720436642aaecd747028c6
  • postgresql11-plpython3_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:387fd4f856f7e6625340290cecabb17b423f0d7f
  • postgresql11-pltcl_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:4ee9cac95a64c50963365e97f1bf447945683c2c
  • postgresql11-server-dev_11.22-1~bookworm+tuxcare.els12_arm64.deb
    sha:95f8743f1aa4756d6e55dfbf08f094ee79d8c5da
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.