[CLSA-2026:1779893321] postgresql: Fix of 5 CVEs
Type:
security
Severity:
Low
Release date:
2026-05-27 14:48:45 UTC
Description:
- CVE-2026-6473: integer overflow fixes across multiple vulnerable sites: formatting.c size calculations (mul_size), intarray/ltxtquery findoprnd() left-offset overflow, ltree lquery numvar/totallen overflow, and ts_headline option length overflow - CVE-2026-6474: timeofday / pg_strftime: guard against unsafe format codes and ensure null-termination on overflow - CVE-2026-6477: libpq: harden PQfn() / pqFunctionCall3 against server-controlled buffer overruns in lo_read() - CVE-2026-6478: authentication: add timingsafe_bcmp() helper and apply it in MD5 / RADIUS auth paths - CVE-2026-6637: refint contrib: prevent SQL injection and buffer overruns in check_primary_key / check_foreign_key
Updated packages:
  • postgresql-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:7c7f44cec1a2984f252d5cbb4d97d76a87a1cae3649d73efd7b12ebe77a8fef9
  • postgresql-contrib-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:25f3b5ca611bb72d44a4bce4a85d0d27d7945ff02f701e0271eabbed3fd52b76
  • postgresql-devel-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:e8e9a3f01dbe1753c50bb3e05236a48a92a0c3208319fc7d1cc05dfe895fb874
  • postgresql-docs-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:3fffb9e657a2353e160d1e41bf504fb73b75cf2f3aec842c32d0189c99292d58
  • postgresql-libs-9.2.24-8.amzn2.0.9.tuxcare.els1.i686.rpm
    sha:6c8c8f9865e5bd313043d1859c7749a0b3dab26e80fd1194cac1b584568ef5e6
  • postgresql-libs-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:9860b2270234f6e6a6378742668745bb05c5a09784187a4355f4a73a945f9a1b
  • postgresql-plperl-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:363e9ed0cda569389ad962959b7a9f1c7af8c9b5fb8cd17046fc9a46343c8bfa
  • postgresql-plpython-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:de55abd78e05e48c844e933fbe3cf9f089dbf215f93371c0da2ebe30056eeabb
  • postgresql-pltcl-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:63990d5c27db00926899e8160ddd70d46a774f3a59b0fbd2227ac0704a463315
  • postgresql-server-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:a77da439d855b7595404d8f615efe468709ffd0885a74a64263c85965ce944ed
  • postgresql-static-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:743bb9fb9f6c7d38c907378bc009d667631ff17c030ee48025331b5c24a502b9
  • postgresql-test-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:8baa00685fda1652850b38808afdef6078b625cc2b0bd92852a12965209f1471
  • postgresql-upgrade-9.2.24-8.amzn2.0.9.tuxcare.els1.x86_64.rpm
    sha:ccc3e36c6139731dee892c93f81577c2c1d160db05b3a73d3af148b0d9e3217c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.