Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
PostgreSQL Database Security Update: Avoid Code Execution
ALSA-2026:3896
Summary
PostgreSQL database users should apply a security update to prevent malicious code execution. This update fixes several potential security issues that could allow hackers to execute unauthorized code on a system. To stay protected, update your PostgreSQL database to the latest version as soon as possible.
What to do
- Update almalinux pg_repack to version 1.4.8-2.module_el9.5.0+119+18833d03.
- Update almalinux pgaudit to version 1.7.0-1.module_el9.3.0+52+21733919.
- Update almalinux postgres-decoderbufs to version 1.9.7-1.Final.module_el9.3.0+52+21733919.
- Update almalinux postgresql to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-contrib to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-docs to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-plperl to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-plpython3 to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-pltcl to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-private-devel to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-private-libs to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-server to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-server-devel to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-static to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-test to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-test-rpm-macros to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-upgrade to version 15.17-1.module_el9.7.0+214+91f631df.
- Update almalinux postgresql-upgrade-devel to version 15.17-1.module_el9.7.0+214+91f631df.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| almalinux | pg_repack | <= 1.4.8-2.module_el9.5.0+119+18833d03 | 1.4.8-2.module_el9.5.0+119+18833d03 |
| almalinux | pgaudit | <= 1.7.0-1.module_el9.3.0+52+21733919 | 1.7.0-1.module_el9.3.0+52+21733919 |
| almalinux | postgres-decoderbufs | <= 1.9.7-1.Final.module_el9.3.0+52+21733919 | 1.9.7-1.Final.module_el9.3.0+52+21733919 |
| almalinux | postgresql | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-contrib | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-docs | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-plperl | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-plpython3 | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-pltcl | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-private-devel | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-private-libs | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-server | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-server-devel | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-static | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-test | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-test-rpm-macros | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-upgrade | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
| almalinux | postgresql-upgrade-devel | <= 15.17-1.module_el9.7.0+214+91f631df | 15.17-1.module_el9.7.0+214+91f631df |
Original title
Important: postgresql:15 security update
Original description
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Security Fix(es):
* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- https://access.redhat.com/errata/RHSA-2026:3896 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-2004 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2005 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2006 Third Party Advisory
- https://bugzilla.redhat.com/2439324 Third Party Advisory
- https://bugzilla.redhat.com/2439325 Third Party Advisory
- https://bugzilla.redhat.com/2439326 Third Party Advisory
- https://errata.almalinux.org/9/ALSA-2026-3896.html Vendor Advisory
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026