{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2026-2004: require superuser to install non-built-in selectivity\n estimators and harden intarray _int_matchsel() against wrong operator type\n- CVE-2026-2005: fix heap buffer overflow in pgcrypto PGP public-key\n decryption by validating session key length\n- CVE-2026-2006: fix multibyte character handling vulnerabilities in wchar\n conversion, EUC_CN encoding length, and replace pg_mblen() with\n bounds-checked versions across all call sites", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773160910", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773160910" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1773160910.json" } ], "tracking": { "current_release_date": "2026-03-10T16:42:55Z", "generator": { "date": "2026-03-10T16:42:55Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1773160910", "initial_release_date": "2026-03-10T16:42:55Z", "revision_history": [ { "date": "2026-03-10T16:42:55Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "postgresql: Fix of 3 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-static@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-docs@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-pltcl@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-test@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-server-devel@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-contrib@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-server@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-private-devel@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-upgrade-devel@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-plperl@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-plpython3@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-upgrade@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } }, { "category": "product_version", "name": "postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product": { "name": "postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_id": "postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-private-libs@13.11-1.el9_2.tuxcare.els15?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "product": { "name": "postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "product_id": "postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/postgresql-test-rpm-macros@13.11-1.el9_2.tuxcare.els15?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch" }, "product_reference": "postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64" }, "product_reference": "postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-2006", "cwe": { "id": "CWE-1285", "name": "Improper Validation of Specified Index, Position, or Offset in Input" }, "notes": [ { "category": "description", "text": "Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "AlmaLinux-9.2:postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-2006" } ], "release_date": "2026-02-12T13:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-10T16:41:52.739903Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773160910", "product_ids": [ "AlmaLinux-9.2:postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "AlmaLinux-9.2:postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773160910" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "AlmaLinux-9.2:postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-2004", "cwe": { "id": "CWE-1287", "name": "Improper Validation of Specified Type of Input" }, "notes": [ { "category": "description", "text": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "AlmaLinux-9.2:postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-2004" } ], "release_date": "2026-02-12T13:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-10T16:41:52.739903Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773160910", "product_ids": [ "AlmaLinux-9.2:postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "AlmaLinux-9.2:postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773160910" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "AlmaLinux-9.2:postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-2005", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "AlmaLinux-9.2:postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-2005" } ], "release_date": "2026-02-12T13:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-10T16:41:52.739903Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773160910", "product_ids": [ "AlmaLinux-9.2:postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "AlmaLinux-9.2:postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773160910" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:postgresql-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-contrib-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-docs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plperl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-plpython3-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-pltcl-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-private-libs-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-server-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-static-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-test-rpm-macros-0:13.11-1.el9_2.tuxcare.els15.noarch", "AlmaLinux-9.2:postgresql-upgrade-0:13.11-1.el9_2.tuxcare.els15.x86_64", "AlmaLinux-9.2:postgresql-upgrade-devel-0:13.11-1.el9_2.tuxcare.els15.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }