This update for postgresql15 fixes the following issues:
Update to version 15.17 (bsc#1258754).
Security issues fixed:
* CVE-2026-2003: improper validation of type "oidvector" may allow disclose a
few bytes of server memory (bsc#1258008).
* CVE-2026-2004: intarray missing validation of type of input to selectivity
estimator could lead to arbitrary code execution (bsc#1258009).
* CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions
could lead to arbitrary code execution (bsc#1258010).
* CVE-2026-2006: inadequate validation of multibyte character lengths could
lead to arbitrary code execution (bsc#1258011).
Regression fixes:
* the substring() function raises an error "invalid byte sequence for
encoding" on non-ASCII text values if the source of that value is a database
column (caused by CVE-2026-2006 fix).
* a standby may halt and return an error "could not access status of
transaction".
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-771=1 SUSE-2026-771=1
* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-771=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-771=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-771=1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql15-debuginfo-15.17-150600.16.28.1
* postgresql15-server-debuginfo-15.17-150600.16.28.1
* postgresql15-15.17-150600.16.28.1
* postgresql15-contrib-15.17-150600.16.28.1
* postgresql15-contrib-debuginfo-15.17-150600.16.28.1
* postgresql15-llvmjit-debuginfo-15.17-150600.16.28.1
* postgresql15-debugsource-15.17-150600.16.28.1
* postgresql15-plpython-15.17-150600.16.28.1
* postgresql15-plperl-debuginfo-15.17-150600.16.28.1
* postgresql15-pltcl-15.17-150600.16.28.1
* postgresql15-devel-debuginfo-15.17-150600.16.28.1
* postgresql15-pltcl-debuginfo-15.17-150600.16.28.1
* postgresql15-plpython-debuginfo-15.17-150600.16.28.1
* postgresql15-devel-15.17-150600.16.28.1
* postgresql15-plperl-15.17-150600.16.28.1
* postgresql15-test-15.17-150600.16.28.1
* postgresql15-server-devel-15.17-150600.16.28.1
* postgresql15-server-devel-debuginfo-15.17-150600.16.28.1
* postgresql15-llvmjit-devel-15.17-150600.16.28.1
* postgresql15-server-15.17-150600.16.28.1
*...
Read the Full Advisory* bsc#1258008
* bsc#1258009
* bsc#1258010
* bsc#1258011
* bsc#1258754
## References:
* https://www.suse.com/security/cve/CVE-2026-2003.html
* https://www.suse.com/security/cve/CVE-2026-2004.html
* https://www.suse.com/security/cve/CVE-2026-2005.html
* https://www.suse.com/security/cve/CVE-2026-2006.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258008
* https://bugzilla.suse.com/show_bug.cgi?id=1258009
* https://bugzilla.suse.com/show_bug.cgi?id=1258010
* https://bugzilla.suse.com/show_bug.cgi?id=1258011
* https://bugzilla.suse.com/show_bug.cgi?id=1258754
Get the latest Linux and open source security news straight to your inbox.