{"id":"CLSA-2026-1773160910","summary":"postgresql: Fix of 3 CVEs","details":"- CVE-2026-2004: require superuser to install non-built-in selectivity\n  estimators and harden intarray _int_matchsel() against wrong operator type\n- CVE-2026-2005: fix heap buffer overflow in pgcrypto PGP public-key\n  decryption by validating session key length\n- CVE-2026-2006: fix multibyte character handling vulnerabilities in wchar\n  conversion, EUC_CN encoding length, and replace pg_mblen() with\n  bounds-checked versions across all call sites","modified":"2026-05-27T11:17:01.081591833Z","published":"2026-03-10T16:41:54Z","upstream":["CVE-2026-2004","CVE-2026-2005","CVE-2026-2006"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2026-1773160910.html"}],"affected":[{"package":{"name":"postgresql","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-contrib","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-contrib?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-docs","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-docs?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-plperl","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-plperl?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-plpython3","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-plpython3?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-pltcl","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-pltcl?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-private-devel","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-private-devel?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-private-libs","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-private-libs?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-server","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-server?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-server-devel","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-server-devel?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-static","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-static?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-test","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-test?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-test-rpm-macros","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-test-rpm-macros?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-upgrade","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-upgrade?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}},{"package":{"name":"postgresql-upgrade-devel","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/postgresql-upgrade-devel?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.11-1.el9_2.tuxcare.els15"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1773160910.json"}}],"schema_version":"1.7.5"}