Описание
Security update for postgresql18
This update for postgresql18 fixes the following issue:
Update to version 18.3 (bsc#1258754).
Regression fixes:
- the substring() function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix).
- a standby may halt and return an error 'could not access status of transaction'.
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
libecpg6-18.3-8.9.1
libecpg6-32bit-18.3-8.9.1
libpq5-18.3-8.9.1
libpq5-32bit-18.3-8.9.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libecpg6-18.3-8.9.1
libecpg6-32bit-18.3-8.9.1
libpq5-18.3-8.9.1
libpq5-32bit-18.3-8.9.1
Ссылки
- Link for SUSE-SU-2026:0785-1
- E-Mail link for SUSE-SU-2026:0785-1
- SUSE Security Ratings
- SUSE Bug 1258011
- SUSE Bug 1258754
- SUSE CVE CVE-2026-2006 page
Описание
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-18.3-8.9.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libecpg6-32bit-18.3-8.9.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-18.3-8.9.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libpq5-32bit-18.3-8.9.1
Ссылки
- CVE-2026-2006
- SUSE Bug 1258011