Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

openSUSE PostgreSQL15 Important SQL Injection Buffer Overflow 2026-21103-1

opensuse
Calendar Grey June 30, 2026
Dist Opensuse Esm H88
This openSUSE security update addresses key vulnerabilities in postgresql15 with solutions and fixes available.
An update that solves 8 vulnerabilities and has 10 bug fixes can now be installed.

Description

This update for postgresql15 fixes the following issues

Security issues:

- CVE-2026-6472: ensure the user has CREATE privilege on the schema specified (bsc#1265172).

- CVE-2026-6473: integer overflows in memory-allocation calculations (bsc#1265173).

- CVE-2026-6474: Guard against malicious time zone names (bsc#1265174).

- CVE-2026-6475: Prevent path traversal in pg_basebackup and pg_rewind (bsc#1265175).

- CVE-2026-6477: Mark PQfn() as unsafe, and avoid using it within libpq (bsc#1265177).

- CVE-2026-6478: Use timing-safe string comparisons in authentication code (bsc#1265178).

- CVE-2026-6479: Prevent unbounded recursion while processing startup packets (bsc#1265179).

- CVE-2026-6637: Prevent SQL injection and buffer overruns in contrib/spi (bsc#1265181).

Non security issue:

- Update to version 15.18.

- Get rid of update-alternatives for openSUSE/SLE 16.0 and newer

to support immutable systems and transactional updates (jsc#PED-14823).

Patch instructions:

To install this...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

postgresql15-15.18-160000.1.1

postgresql15-contrib-15.18-160000.1.1

postgresql15-devel-15.18-160000.1.1

postgresql15-docs-15.18-160000.1.1

postgresql15-llvmjit-15.18-160000.1.1

postgresql15-llvmjit-devel-15.18-160000.1.1

postgresql15-plperl-15.18-160000.1.1

postgresql15-plpython-15.18-160000.1.1

postgresql15-pltcl-15.18-160000.1.1

postgresql15-server-15.18-160000.1.1

postgresql15-server-devel-15.18-160000.1.1

postgresql15-test-15.18-160000.1.1

References

* bsc#1258754

* bsc#1263804

* bsc#1265172

* bsc#1265173

* bsc#1265174

* bsc#1265175

* bsc#1265177

* bsc#1265178

* bsc#1265179

* bsc#1265181

References:

* https://www.suse.com/security/cve/CVE-2026-6472.html

* https://www.suse.com/security/cve/CVE-2026-6473.html

* https://www.suse.com/security/cve/CVE-2026-6474.html

* https://www.suse.com/security/cve/CVE-2026-6475.html

* https://www.suse.com/security/cve/CVE-2026-6477.html

* https://www.suse.com/security/cve/CVE-2026-6478.html

* https://www.suse.com/security/cve/CVE-2026-6479.html

* https://www.suse.com/security/cve/CVE-2026-6637.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21103-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here