SUSE-SU-2026:0585-1

Details

This update for postgresql18 fixes the following issues:

Update to version 18.2.

Security issues fixed:

CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory (bsc#1258008).
CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009).
CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010).
CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011).
CVE-2026-2007: pg_trgm heap buffer overflow can cause to write pattern onto server memory (bsc#1258012).

Affected Packages

libecpg6

SUSE Linux Enterprise Server 12 SP5-LTSSSUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Fixed in:

18.2-8.6.1

libecpg6-32bit

SUSE Linux Enterprise Server 12 SP5-LTSSSUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Fixed in:

18.2-8.6.1

libpq5

SUSE Linux Enterprise Server 12 SP5-LTSSSUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Fixed in: