[CLSA-2026:1779697425] postgresql: Fix of CVE-2026-6478
Type:
security
Severity:
Low
Release date:
2026-05-25 08:23:49 UTC
Description:
- CVE-2026-6478: backport upstream prerequisite that introduces the timingsafe_bcmp() constant-time memory comparison helper, then apply it to SCRAM and MD5 authentication paths that previously used memcmp() or strcmp() on password hashes, computed keys, and SCRAM nonces, to prevent timing-side-channel password recovery
Updated packages:
  • postgresql-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:1a09864ffaf0e9d23fe1b29182a04b6cff39d8f03a89e5eba67f9e6bcb315ab7
  • postgresql-contrib-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:71e11fedffdb3cd4957b8bc6484f9f7f61cc7a5d3f0658a0524a0dffddb5a91c
  • postgresql-docs-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:3b9c488a742c0332f0abd24ecec8d3f8bc98229d98e875d7d82657b4da099ed9
  • postgresql-plperl-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:260665a4736aa260e9e5513fa3387ca4ec9f03de60f681dc8676965f42d5b36d
  • postgresql-plpython3-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:316ffc488a2acbae3929879c8e2891bddb5dd5487279f083b43ce5215f2dbf50
  • postgresql-pltcl-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:95647591fd50854eb2a5fc92edfdc7bba22dbfbfa4e5e449531cab4836856f60
  • postgresql-private-devel-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:1cf0bd3894de7619c779eae923c4e830098d2c83f7095bdb1dc00c844b2625eb
  • postgresql-private-libs-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:5b816d618de0ab96c2727bccf37e5de9f339963b62ca676e7959274a0c91a363
  • postgresql-server-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:646fe355cc7507cc73b75a5f7940f6d6c551c319072235aef02100a3ba97d9f1
  • postgresql-server-devel-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:1c2d2de1824b9610bf3166122c6fdf9a5c85d17614d53ec0c1eb07a918a25132
  • postgresql-static-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:fc8f411303eb3d092e2c729a071d7e88bd085dd393f2c9da885450ea2d6487e4
  • postgresql-test-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:860563fc89d780dab28a66426148a08da9fb83bc81dd9e2a191cfbfee418494f
  • postgresql-test-rpm-macros-13.23-1.el9_6.tuxcare.els7.noarch.rpm
    sha:5206e1c99bd10e7308706a449634e7b796f2ad9632839049b99c7a2e01b7ad0e
  • postgresql-upgrade-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:9ce023917a3b95d8cf5556269eb0bc38c39b3c4c124cb0e454f19abb5e08c00a
  • postgresql-upgrade-devel-13.23-1.el9_6.tuxcare.els7.x86_64.rpm
    sha:7611ffd0f1b4b9cfa2a2c2c043726b00fec1fd400db8c39d61d4be8ab0ce8d0f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.