[CLSA-2026:1783631257] Fix CVE(s): CVE-2026-6475, CVE-2026-6479
Type:
security
Severity:
Moderate
Release date:
2026-07-09 21:07:55 UTC
Description:
* SECURITY UPDATE: Unbounded recursive SSL/GSS negotiation in ProcessStartupPacket() could crash the backend via stack overflow - debian/patches/CVE-2026-6479.patch: track processed SSL/GSS negotiation attempts with a goto-retry loop instead of recursing in src/backend/postmaster/postmaster.c, and add TAP test src/test/postmaster/t/004_negotiate.pl - CVE-2026-6479
Updated packages:
  • libecpg-compat3-13_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:614b95fd7a08681597d6fd8c3d86c61758d5e90e
  • libecpg-dev-13_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:b67d57c47c7ed6ed658d575ce0eb69498c36a742
  • libecpg6-13_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:2d86742804da96efd41af450de99d34492970a69
  • libpgtypes3-13_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:04ef09b869ba7ccff7976b29fd8c08ae9234ee8f
  • libpq-dev-13_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:fa95303da7d2b386b65c5e9c23bba2a4ec04dfba
  • libpq5-13_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:1d6015f039e580d6104e35cc2840aa40a5b1dff8
  • postgresql13_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:8bfcc9334673072b869e4b8b9590fb9108dc7d51
  • postgresql13-client_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:2d169ffb64dcc65bfee4f154f3e10cc0d9d76d73
  • postgresql13-doc_13.23-1~trixie+tuxcare.els7_all.deb
    sha:538387b4ecc6f81f95cceff6f1409b883791c75a
  • postgresql13-plperl_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:068b7dd6219c5cefb3cfd99c13727961be486a3b
  • postgresql13-plpython3_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:ec06e39e9aa218d5008310ceec52ce51ebc4fdb7
  • postgresql13-pltcl_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:7a85c5f6683fb6fd43dafb481dc63a72094dee18
  • postgresql13-server-dev_13.23-1~trixie+tuxcare.els7_amd64.deb
    sha:e6b341570befa38f62d497dc3ad2423e0fcaa063
  • libecpg-compat3-13_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:b563dc929f49a5be84d5e5869687768baca6ce77
  • libecpg-dev-13_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:6a14d853ebb1f4a2915e1e72d250e6e539ca4dfc
  • libecpg6-13_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:c9f8e4931bbc2aafebbfd814f6138888eb4d4c39
  • libpgtypes3-13_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:a698dbbf0c21d4661020a95c7f0a0fa294f29380
  • libpq-dev-13_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:6ad43880ee72529aa8073e99da1f3ae3ec6e9031
  • libpq5-13_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:147bf9ad3497ea57011abaa6d88ca67dc3f51b38
  • postgresql13_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:b7f3a90752a53befb592ef24ed206d4d570710c3
  • postgresql13-client_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:3b95e080ca70f0d1a14095153a336214ddafd5ee
  • postgresql13-doc_13.23-1~trixie+tuxcare.els7_all.deb
    sha:538387b4ecc6f81f95cceff6f1409b883791c75a
  • postgresql13-plperl_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:5e7ea6f68b135deda4c73d07a5d9856b088be38a
  • postgresql13-plpython3_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:04de68279777b7970ae9fd5e97c77594b444a0c6
  • postgresql13-pltcl_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:514f57b114d7e448bd641d111933677154bbd14c
  • postgresql13-server-dev_13.23-1~trixie+tuxcare.els7_arm64.deb
    sha:a5002e10f42298e1c4679f9e1516e81d246f535b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.