PostgreSQL Database Software: Critical Security Updates Required

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

PostgreSQL Database Software: Critical Security Updates Required

ALSA-2026:4059

Summary

PostgreSQL database users need to update their software immediately to prevent hackers from executing malicious code. This critical update fixes security flaws in the database system that could allow attackers to run arbitrary code, potentially leading to data theft or system compromise. Update your PostgreSQL software as soon as possible to protect your data and systems.

What to do

Update almalinux pg_repack to version 1.4.8-1.module_el8.9.0+3706+885c732e.
Update almalinux pgaudit to version 1.7.0-1.module_el8.9.0+3706+885c732e.
Update almalinux postgres-decoderbufs to version 1.9.7-1.Final.module_el8.9.0+3706+885c732e.
Update almalinux postgresql to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-contrib to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-docs to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-plperl to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-plpython3 to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-pltcl to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-private-devel to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-private-libs to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-server to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-server-devel to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-static to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-test to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-test-rpm-macros to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-upgrade to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.
Update almalinux postgresql-upgrade-devel to version 15.17-1.module_el8.10.0+4127+dc6e3c5c.

Affected software

Original title

Important: postgresql:15 security update

Original description

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://access.redhat.com/errata/RHSA-2026:4059 Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-2004 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-2005 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-2006 Third Party Advisory
https://bugzilla.redhat.com/2439324 Third Party Advisory
https://bugzilla.redhat.com/2439325 Third Party Advisory
https://bugzilla.redhat.com/2439326 Third Party Advisory
https://errata.almalinux.org/8/ALSA-2026-4059.html Vendor Advisory

Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026

Vendor	Product	Affected versions	Fix available
almalinux	pg_repack	<= 1.4.8-1.module_el8.9.0+3706+885c732e	1.4.8-1.module_el8.9.0+3706+885c732e
almalinux	pgaudit	<= 1.7.0-1.module_el8.9.0+3706+885c732e	1.7.0-1.module_el8.9.0+3706+885c732e
almalinux	postgres-decoderbufs	<= 1.9.7-1.Final.module_el8.9.0+3706+885c732e	1.9.7-1.Final.module_el8.9.0+3706+885c732e
almalinux	postgresql	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-contrib	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-docs	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-plperl	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-plpython3	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-pltcl	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-private-devel	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-private-libs	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-server	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-server-devel	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-static	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-test	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-test-rpm-macros	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-upgrade	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c
almalinux	postgresql-upgrade-devel	<= 15.17-1.module_el8.10.0+4127+dc6e3c5c	15.17-1.module_el8.10.0+4127+dc6e3c5c