Updated postgresql15 packages fix security vulnerabilities
Publication date: 19 May 2026Modification date: 19 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-6472 , CVE-2026-6473 , CVE-2026-6474 , CVE-2026-6475 , CVE-2026-6476 , CVE-2026-6477 , CVE-2026-6478 , CVE-2026-6479 , CVE-2026-6575 , CVE-2026-6637 , CVE-2026-6638
Description
PostgreSQL CREATE TYPE does not check multirange schema CREATE
privilege. (CVE-2026-6472)
PostgreSQL server undersizes allocations, via integer wraparound.
(CVE-2026-6473)
PostgreSQL timeofday() can disclose portions of server memory.
(CVE-2026-6474)
PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of
origin superuser choice. (CVE-2026-6475)
PostgreSQL libpq lo_* functions let server superuser overwrite client
stack memory. (CVE-2026-6477)
PostgreSQL discloses MD5-hashed passwords via covert timing channel.
(CVE-2026-6478)
PostgreSQL SSL/GSS init causes denial of service, via uncontrolled
recursion. (CVE-2026-6479)
PostgreSQL refint allows stack buffer overflow and SQL injection.
(CVE-2026-6637)
References
- https://bugs.mageia.org/show_bug.cgi?id=35534
- https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6472
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6473
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6474
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6475
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6476
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6477
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6478
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6575
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6637
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6638
SRPMS
9/core
- postgresql15-15.18-1.mga9