RLSA-2026:28037

Security

Mirrored from RHSA-2026:28037

Issued at: 2026-06-23

Updated at: 2026-06-23

Synopsis

Important: postgresql:15 security update

Description

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475)

* postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477)

* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)

* postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 aarch64

Rocky Linux 9 ppc64le

Rocky Linux 9 s390x

Rocky Linux 9 x86_64

Fixes

2477439

2477442

2477447

2477448

CVEs

CVE-2026-6473

CVE-2026-6475

CVE-2026-6477

CVE-2026-6478

Affected packages

Rocky Linux 9 aarch64 - AppStream

pgaudit-0:1.7.0-1.module+el9.7.0+40011+28af63c9.aarch64.rpm

pgaudit-0:1.7.0-1.module+el9.7.0+40011+28af63c9.src.rpm

pgaudit-debuginfo-0:1.7.0-1.module+el9.7.0+40011+28af63c9.aarch64.rpm

pgaudit-debugsource-0:1.7.0-1.module+el9.7.0+40011+28af63c9.aarch64.rpm

pg_repack-0:1.4.8-2.module+el9.7.0+40011+28af63c9.aarch64.rpm

pg_repack-0:1.4.8-2.module+el9.7.0+40011+28af63c9.src.rpm

pg_repack-debuginfo-0:1.4.8-2.module+el9.7.0+40011+28af63c9.aarch64.rpm

pg_repack-debugsource-0:1.4.8-2.module+el9.7.0+40011+28af63c9.aarch64.rpm

postgres-decoderbufs-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.aarch64.rpm

postgres-decoderbufs-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.src.rpm

postgres-decoderbufs-debuginfo-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.aarch64.rpm

postgres-decoderbufs-debugsource-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

pgaudit-0:1.7.0-1.module+el9.7.0+40011+28af63c9.ppc64le.rpm

pgaudit-0:1.7.0-1.module+el9.7.0+40011+28af63c9.src.rpm

pgaudit-debuginfo-0:1.7.0-1.module+el9.7.0+40011+28af63c9.ppc64le.rpm

pgaudit-debugsource-0:1.7.0-1.module+el9.7.0+40011+28af63c9.ppc64le.rpm

pg_repack-0:1.4.8-2.module+el9.7.0+40011+28af63c9.ppc64le.rpm

pg_repack-0:1.4.8-2.module+el9.7.0+40011+28af63c9.src.rpm

pg_repack-debuginfo-0:1.4.8-2.module+el9.7.0+40011+28af63c9.ppc64le.rpm

pg_repack-debugsource-0:1.4.8-2.module+el9.7.0+40011+28af63c9.ppc64le.rpm

postgres-decoderbufs-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.ppc64le.rpm

postgres-decoderbufs-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.src.rpm

postgres-decoderbufs-debuginfo-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.ppc64le.rpm

postgres-decoderbufs-debugsource-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

pgaudit-0:1.7.0-1.module+el9.7.0+40011+28af63c9.s390x.rpm

pgaudit-0:1.7.0-1.module+el9.7.0+40011+28af63c9.src.rpm

pgaudit-debuginfo-0:1.7.0-1.module+el9.7.0+40011+28af63c9.s390x.rpm

pgaudit-debugsource-0:1.7.0-1.module+el9.7.0+40011+28af63c9.s390x.rpm

pg_repack-0:1.4.8-2.module+el9.7.0+40011+28af63c9.s390x.rpm

pg_repack-0:1.4.8-2.module+el9.7.0+40011+28af63c9.src.rpm

pg_repack-debuginfo-0:1.4.8-2.module+el9.7.0+40011+28af63c9.s390x.rpm

pg_repack-debugsource-0:1.4.8-2.module+el9.7.0+40011+28af63c9.s390x.rpm

postgres-decoderbufs-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.s390x.rpm

postgres-decoderbufs-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.src.rpm

postgres-decoderbufs-debuginfo-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.s390x.rpm

postgres-decoderbufs-debugsource-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

pgaudit-0:1.7.0-1.module+el9.7.0+40011+28af63c9.src.rpm

pgaudit-0:1.7.0-1.module+el9.7.0+40011+28af63c9.x86_64.rpm

pgaudit-debuginfo-0:1.7.0-1.module+el9.7.0+40011+28af63c9.x86_64.rpm

pgaudit-debugsource-0:1.7.0-1.module+el9.7.0+40011+28af63c9.x86_64.rpm

pg_repack-0:1.4.8-2.module+el9.7.0+40011+28af63c9.src.rpm

pg_repack-0:1.4.8-2.module+el9.7.0+40011+28af63c9.x86_64.rpm

pg_repack-debuginfo-0:1.4.8-2.module+el9.7.0+40011+28af63c9.x86_64.rpm

pg_repack-debugsource-0:1.4.8-2.module+el9.7.0+40011+28af63c9.x86_64.rpm

postgres-decoderbufs-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.src.rpm

postgres-decoderbufs-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.x86_64.rpm

postgres-decoderbufs-debuginfo-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.x86_64.rpm

postgres-decoderbufs-debugsource-0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9.x86_64.rpm