Описание
Security update for postgresql17
This update for postgresql17 fixes the following issue:
Update to version 17.9 (bsc#1258754).
Regression fixes:
- the substring() function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix).
- a standby may halt and return an error 'could not access status of transaction'.
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
postgresql17-17.9-150200.5.25.1
postgresql17-contrib-17.9-150200.5.25.1
postgresql17-devel-17.9-150200.5.25.1
postgresql17-docs-17.9-150200.5.25.1
postgresql17-plperl-17.9-150200.5.25.1
postgresql17-plpython-17.9-150200.5.25.1
postgresql17-pltcl-17.9-150200.5.25.1
postgresql17-server-17.9-150200.5.25.1
postgresql17-server-devel-17.9-150200.5.25.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
postgresql17-17.9-150200.5.25.1
postgresql17-contrib-17.9-150200.5.25.1
postgresql17-devel-17.9-150200.5.25.1
postgresql17-docs-17.9-150200.5.25.1
postgresql17-plperl-17.9-150200.5.25.1
postgresql17-plpython-17.9-150200.5.25.1
postgresql17-pltcl-17.9-150200.5.25.1
postgresql17-server-17.9-150200.5.25.1
postgresql17-server-devel-17.9-150200.5.25.1
SUSE Linux Enterprise Server 15 SP5-LTSS
postgresql17-17.9-150200.5.25.1
postgresql17-contrib-17.9-150200.5.25.1
postgresql17-devel-17.9-150200.5.25.1
postgresql17-docs-17.9-150200.5.25.1
postgresql17-llvmjit-17.9-150200.5.25.1
postgresql17-llvmjit-devel-17.9-150200.5.25.1
postgresql17-plperl-17.9-150200.5.25.1
postgresql17-plpython-17.9-150200.5.25.1
postgresql17-pltcl-17.9-150200.5.25.1
postgresql17-server-17.9-150200.5.25.1
postgresql17-server-devel-17.9-150200.5.25.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
postgresql17-17.9-150200.5.25.1
postgresql17-contrib-17.9-150200.5.25.1
postgresql17-devel-17.9-150200.5.25.1
postgresql17-docs-17.9-150200.5.25.1
postgresql17-llvmjit-17.9-150200.5.25.1
postgresql17-llvmjit-devel-17.9-150200.5.25.1
postgresql17-plperl-17.9-150200.5.25.1
postgresql17-plpython-17.9-150200.5.25.1
postgresql17-pltcl-17.9-150200.5.25.1
postgresql17-server-17.9-150200.5.25.1
postgresql17-server-devel-17.9-150200.5.25.1
Ссылки
- Link for SUSE-SU-2026:0787-1
- E-Mail link for SUSE-SU-2026:0787-1
- SUSE Security Ratings
- SUSE Bug 1258011
- SUSE Bug 1258754
- SUSE CVE CVE-2026-2006 page
Описание
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:postgresql17-17.9-150200.5.25.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:postgresql17-contrib-17.9-150200.5.25.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:postgresql17-devel-17.9-150200.5.25.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:postgresql17-docs-17.9-150200.5.25.1
Ссылки
- CVE-2026-2006
- SUSE Bug 1258011