{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"postgresql security update", "category":"general", "title":"Synopsis" }, { "text":"An update for postgresql is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.\n\nSecurity Fix(es):\n\nMissing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.(CVE-2026-6472)\n\nInteger wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.(CVE-2026-6473)\n\nExternally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.(CVE-2026-6474)\n\nSymlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.(CVE-2026-6475)\n\nUse of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.(CVE-2026-6477)\n\nCovert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.(CVE-2026-6478)\n\nUncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.(CVE-2026-6479)\n\nStack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.(CVE-2026-6637)", "category":"general", "title":"Description" }, { "text":"An update for postgresql is now available for openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"postgresql", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-2479", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2479" }, { "summary":"CVE-2026-6472", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6472&packageName=postgresql" }, { "summary":"CVE-2026-6473", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6473&packageName=postgresql" }, { "summary":"CVE-2026-6474", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6474&packageName=postgresql" }, { "summary":"CVE-2026-6475", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6475&packageName=postgresql" }, { "summary":"CVE-2026-6477", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6477&packageName=postgresql" }, { "summary":"CVE-2026-6478", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6478&packageName=postgresql" }, { "summary":"CVE-2026-6479", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6479&packageName=postgresql" }, { "summary":"CVE-2026-6637", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6637&packageName=postgresql" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6472" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6473" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6474" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6475" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6477" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6478" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6479" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6637" }, { "summary":"openEuler-SA-2026-2479 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2479.json" } ], "title":"An update for postgresql is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2026-06-03T14:46:20+08:00", "revision_history":[ { "date":"2026-06-03T14:46:20+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-06-03T14:46:20+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-06-03T14:46:20+08:00", "id":"openEuler-SA-2026-2479", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-contrib-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-contrib-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-contrib-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-debuginfo-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-debuginfo-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-debuginfo-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-debugsource-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-debugsource-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-debugsource-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-docs-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-docs-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-docs-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-llvmjit-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-llvmjit-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-llvmjit-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-plperl-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-plperl-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-plperl-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-plpython3-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-plpython3-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-plpython3-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-pltcl-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-pltcl-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-pltcl-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-private-devel-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-private-devel-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-private-devel-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-private-libs-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-private-libs-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-private-libs-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-server-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-server-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-server-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-server-devel-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-server-devel-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-server-devel-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-static-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-static-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-static-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-test-15.18-1.oe2403sp1.aarch64.rpm", "name":"postgresql-test-15.18-1.oe2403sp1.aarch64.rpm" }, "name":"postgresql-test-15.18-1.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-15.18-1.oe2403sp1.src.rpm", "name":"postgresql-15.18-1.oe2403sp1.src.rpm" }, "name":"postgresql-15.18-1.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-contrib-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-contrib-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-contrib-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-debuginfo-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-debuginfo-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-debuginfo-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-debugsource-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-debugsource-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-debugsource-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-docs-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-docs-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-docs-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-llvmjit-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-llvmjit-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-llvmjit-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-plperl-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-plperl-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-plperl-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-plpython3-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-plpython3-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-plpython3-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-pltcl-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-pltcl-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-pltcl-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-private-devel-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-private-devel-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-private-devel-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-private-libs-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-private-libs-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-private-libs-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-server-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-server-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-server-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-server-devel-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-server-devel-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-server-devel-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-static-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-static-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-static-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-test-15.18-1.oe2403sp1.x86_64.rpm", "name":"postgresql-test-15.18-1.oe2403sp1.x86_64.rpm" }, "name":"postgresql-test-15.18-1.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"postgresql-test-rpm-macros-15.18-1.oe2403sp1.noarch.rpm", "name":"postgresql-test-rpm-macros-15.18-1.oe2403sp1.noarch.rpm" }, "name":"postgresql-test-rpm-macros-15.18-1.oe2403sp1.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "name":"postgresql-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-contrib-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "name":"postgresql-contrib-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-debuginfo-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "name":"postgresql-debuginfo-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-debugsource-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "name":"postgresql-debugsource-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-docs-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "name":"postgresql-docs-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-llvmjit-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "name":"postgresql-llvmjit-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-plperl-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "name":"postgresql-plperl-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-plpython3-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "name":"postgresql-plpython3-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-pltcl-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "name":"postgresql-pltcl-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-private-devel-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "name":"postgresql-private-devel-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-private-libs-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "name":"postgresql-private-libs-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-server-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "name":"postgresql-server-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-server-devel-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "name":"postgresql-server-devel-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-static-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "name":"postgresql-static-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-test-15.18-1.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "name":"postgresql-test-15.18-1.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-15.18-1.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "name":"postgresql-15.18-1.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "name":"postgresql-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-contrib-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "name":"postgresql-contrib-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-debuginfo-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "name":"postgresql-debuginfo-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-debugsource-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "name":"postgresql-debugsource-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-docs-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "name":"postgresql-docs-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-llvmjit-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "name":"postgresql-llvmjit-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-plperl-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "name":"postgresql-plperl-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-plpython3-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "name":"postgresql-plpython3-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-pltcl-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "name":"postgresql-pltcl-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-private-devel-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "name":"postgresql-private-devel-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-private-libs-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "name":"postgresql-private-libs-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-server-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "name":"postgresql-server-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-server-devel-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "name":"postgresql-server-devel-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-static-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "name":"postgresql-static-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-test-15.18-1.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "name":"postgresql-test-15.18-1.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"postgresql-test-rpm-macros-15.18-1.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch", "name":"postgresql-test-macros-15.18-1.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-6472", "notes":[ { "text":"Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ], "details":"postgresql security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2479" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.4, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-6472" }, { "cve":"CVE-2026-6473", "notes":[ { "text":"Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ], "details":"postgresql security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2479" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-6473" }, { "cve":"CVE-2026-6474", "notes":[ { "text":"Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ], "details":"postgresql security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2479" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-6474" }, { "cve":"CVE-2026-6475", "notes":[ { "text":"Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ], "details":"postgresql security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2479" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-6475" }, { "cve":"CVE-2026-6477", "notes":[ { "text":"Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ], "details":"postgresql security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2479" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-6477" }, { "cve":"CVE-2026-6478", "notes":[ { "text":"Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ], "details":"postgresql security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2479" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-6478" }, { "cve":"CVE-2026-6479", "notes":[ { "text":"Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ], "details":"postgresql security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2479" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-6479" }, { "cve":"CVE-2026-6637", "notes":[ { "text":"Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ], "details":"postgresql security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2479" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.src", "openEuler-24.03-LTS-SP1:postgresql-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-contrib-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debuginfo-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-debugsource-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-docs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-llvmjit-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plperl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-plpython3-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-pltcl-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-private-libs-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-server-devel-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-static-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-15.18-1.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:postgresql-test-macros-15.18-1.oe2403sp1.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-6637" } ] }