[CLSA-2026:1783434490] Fix CVE(s): CVE-2026-6475, CVE-2026-6479
Type:
security
Severity:
Moderate
Release date:
2026-07-07 14:28:29 UTC
Description:
* SECURITY UPDATE: Unbounded recursive SSL/GSS negotiation in ProcessStartupPacket() could crash the backend via stack overflow - debian/patches/CVE-2026-6479.patch: track processed SSL/GSS negotiation attempts with a goto-retry loop instead of recursing in src/backend/postmaster/postmaster.c, and add TAP test src/test/postmaster/t/004_negotiate.pl - CVE-2026-6479
Updated packages:
  • libecpg-compat3-13_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:79cbe87cc10de07b777fd5a2e2bd2426a8e2670e
  • libecpg-dev-13_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:c166e5130bd083228ceaf63fada3f7fafaf1f27b
  • libecpg6-13_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:9fcbcb9a8ee713632b109e9bb7078cd5d4410557
  • libpgtypes3-13_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:95b91d4a8574c92b5147f652d38f698338643bce
  • libpq-dev-13_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:aedb67149c507f07804e3ba366359c5cc1b1c6b4
  • libpq5-13_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:d7f0e1c351190ca70c131926cefcd3be063774b6
  • postgresql13_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:fd44e6597fb0aedad53692ea55174a18194aa1c0
  • postgresql13-client_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:bec0e33b04902815b38d4f0526bc8101235e8ec6
  • postgresql13-doc_13.23-1~bookworm+tuxcare.els7_all.deb
    sha:ff4f55aebee603b4e8976ef50d91be39462db26f
  • postgresql13-plperl_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:32a5f2eed1c94f3bfa28aeef06e3bc138551c8e8
  • postgresql13-plpython3_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:3d6c3943446b5585f5167c093b6fc65c55b3fb5a
  • postgresql13-pltcl_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:859f46654f7f19b78f81aceab3f79f550f752d7d
  • postgresql13-server-dev_13.23-1~bookworm+tuxcare.els7_amd64.deb
    sha:0f0004b1f5f15e4079bff3bd731431067e9ee88d
  • libecpg-compat3-13_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:6c18d67ff5c0bfdab5e32145967d54d998e3559f
  • libecpg-dev-13_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:49a21d954c10b48fc3a96ac1670d14ef1f1110b9
  • libecpg6-13_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:b4251317c8353c85440327d870d240ff8ff3db64
  • libpgtypes3-13_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:7c0b1267f4a6627f74230ac401030e51f08508b5
  • libpq-dev-13_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:035a75fbbac8f1fa3d796a9568c5790b16e3fdcd
  • libpq5-13_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:fa6074890d9c580892f09f06f2a843d9945cc539
  • postgresql13_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:f12ba003ef1d90282920031d57269b0ab241c6ee
  • postgresql13-client_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:941b30747612289789fe529650111f81c6e48ff3
  • postgresql13-doc_13.23-1~bookworm+tuxcare.els7_all.deb
    sha:ff4f55aebee603b4e8976ef50d91be39462db26f
  • postgresql13-plperl_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:b149ec203c0b8fe5e3b53dac91f62567a07e38c7
  • postgresql13-plpython3_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:f9726e1d0c36e2f2b3dc7466dc007724758ea322
  • postgresql13-pltcl_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:779041e40d5e0e47f4166a429eb8249fcb8ed09e
  • postgresql13-server-dev_13.23-1~bookworm+tuxcare.els7_arm64.deb
    sha:00fed5a6cec0c840ecfc42ed5acf1a52ae242245
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.