exploitDog

SUSE-SU-2026:0769-1

Опубликовано: 03 мар. 2026

Источник: suse-cvrf

Описание

Security update for postgresql18

This update for postgresql18 fixes the following issue:

Update to version 18.3 (bsc#1258754).

Regression fixes:

the substring() function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix).
a standby may halt and return an error 'could not access status of transaction'.

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

libecpg6-18.3-150200.5.9.1

libpq5-18.3-150200.5.9.1

libpq5-32bit-18.3-150200.5.9.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

libecpg6-18.3-150200.5.9.1

libpq5-18.3-150200.5.9.1

libpq5-32bit-18.3-150200.5.9.1

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

libecpg6-18.3-150200.5.9.1

libpq5-18.3-150200.5.9.1

libpq5-32bit-18.3-150200.5.9.1

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

libecpg6-18.3-150200.5.9.1

libpq5-18.3-150200.5.9.1

libpq5-32bit-18.3-150200.5.9.1

SUSE Linux Enterprise Server 15 SP4-LTSS

libecpg6-18.3-150200.5.9.1

libpq5-18.3-150200.5.9.1

libpq5-32bit-18.3-150200.5.9.1

SUSE Linux Enterprise Server 15 SP5-LTSS

libecpg6-18.3-150200.5.9.1

libpq5-18.3-150200.5.9.1

libpq5-32bit-18.3-150200.5.9.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

libecpg6-18.3-150200.5.9.1

libpq5-18.3-150200.5.9.1

libpq5-32bit-18.3-150200.5.9.1

SUSE Linux Enterprise Server for SAP Applications 15 SP5

libecpg6-18.3-150200.5.9.1

libpq5-18.3-150200.5.9.1

libpq5-32bit-18.3-150200.5.9.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260769-1/
Link for SUSE-SU-2026:0769-1
https://lists.suse.com/pipermail/sle-security-updates/2026-March/024548.html
E-Mail link for SUSE-SU-2026:0769-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1258011
SUSE Bug 1258011
https://bugzilla.suse.com/1258754
SUSE Bug 1258754
https://www.suse.com/security/cve/CVE-2026-2006/
SUSE CVE CVE-2026-2006 page

Описание

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libecpg6-18.3-150200.5.9.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpq5-18.3-150200.5.9.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpq5-32bit-18.3-150200.5.9.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libecpg6-18.3-150200.5.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2026-2006.html
CVE-2026-2006
https://bugzilla.suse.com/1258011
SUSE Bug 1258011