This update for postgresql15 fixes the following issues
Security issues:
- CVE-2026-6472: ensure the user has CREATE privilege on the schema specified (bsc#1265172).
- CVE-2026-6473: integer overflows in memory-allocation calculations (bsc#1265173).
- CVE-2026-6474: Guard against malicious time zone names (bsc#1265174).
- CVE-2026-6475: Prevent path traversal in pg_basebackup and pg_rewind (bsc#1265175).
- CVE-2026-6477: Mark PQfn() as unsafe, and avoid using it within libpq (bsc#1265177).
- CVE-2026-6478: Use timing-safe string comparisons in authentication code (bsc#1265178).
- CVE-2026-6479: Prevent unbounded recursion while processing startup packets (bsc#1265179).
- CVE-2026-6637: Prevent SQL injection and buffer overruns in contrib/spi (bsc#1265181).
Non security issue:
- Update to version 15.18.
- Get rid of update-alternatives for openSUSE/SLE 16.0 and newer
to support immutable systems and transactional updates (jsc#PED-14823).
Patch instructions:
To install this...
Read the Full Advisory- openSUSE Leap 16.0:
postgresql15-15.18-160000.1.1
postgresql15-contrib-15.18-160000.1.1
postgresql15-devel-15.18-160000.1.1
postgresql15-docs-15.18-160000.1.1
postgresql15-llvmjit-15.18-160000.1.1
postgresql15-llvmjit-devel-15.18-160000.1.1
postgresql15-plperl-15.18-160000.1.1
postgresql15-plpython-15.18-160000.1.1
postgresql15-pltcl-15.18-160000.1.1
postgresql15-server-15.18-160000.1.1
postgresql15-server-devel-15.18-160000.1.1
postgresql15-test-15.18-160000.1.1
* bsc#1258754
* bsc#1263804
* bsc#1265172
* bsc#1265173
* bsc#1265174
* bsc#1265175
* bsc#1265177
* bsc#1265178
* bsc#1265179
* bsc#1265181
References:
* https://www.suse.com/security/cve/CVE-2026-6472.html
* https://www.suse.com/security/cve/CVE-2026-6473.html
* https://www.suse.com/security/cve/CVE-2026-6474.html
* https://www.suse.com/security/cve/CVE-2026-6475.html
* https://www.suse.com/security/cve/CVE-2026-6477.html
* https://www.suse.com/security/cve/CVE-2026-6478.html
* https://www.suse.com/security/cve/CVE-2026-6479.html
* https://www.suse.com/security/cve/CVE-2026-6637.html
Get the latest Linux and open source security news straight to your inbox.