Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

openSUSE Leap 15.6 PostgreSQL 15 Urgent Fixes for CVEs 2026-2007 to 2010

opensuse
Calendar Grey March 3, 2026
Dist Opensuse Esm H88
This important update for openSUSE addresses four issues in PostgreSQL 15, preventing possible code execution and memory disclosure.
An update that solves four vulnerabilities and has one security fix can now be installed.

Description

This update for postgresql15 fixes the following issues:

Update to version 15.17 (bsc#1258754).

Security issues fixed:

* CVE-2026-2003: improper validation of type "oidvector" may allow disclose a

few bytes of server memory (bsc#1258008).

* CVE-2026-2004: intarray missing validation of type of input to selectivity

estimator could lead to arbitrary code execution (bsc#1258009).

* CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions

could lead to arbitrary code execution (bsc#1258010).

* CVE-2026-2006: inadequate validation of multibyte character lengths could

lead to arbitrary code execution (bsc#1258011).

Regression fixes:

* the substring() function raises an error "invalid byte sequence for

encoding" on non-ASCII text values if the source of that value is a database

column (caused by CVE-2026-2006 fix).

* a standby may halt and return an error "could not access status of

transaction".

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch openSUSE-SLE-15.6-2026-771=1 SUSE-2026-771=1

* Legacy Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-771=1

* SUSE Linux Enterprise Server 15 SP6 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-771=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-771=1

Package List

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)

* postgresql15-debuginfo-15.17-150600.16.28.1

* postgresql15-server-debuginfo-15.17-150600.16.28.1

* postgresql15-15.17-150600.16.28.1

* postgresql15-contrib-15.17-150600.16.28.1

* postgresql15-contrib-debuginfo-15.17-150600.16.28.1

* postgresql15-llvmjit-debuginfo-15.17-150600.16.28.1

* postgresql15-debugsource-15.17-150600.16.28.1

* postgresql15-plpython-15.17-150600.16.28.1

* postgresql15-plperl-debuginfo-15.17-150600.16.28.1

* postgresql15-pltcl-15.17-150600.16.28.1

* postgresql15-devel-debuginfo-15.17-150600.16.28.1

* postgresql15-pltcl-debuginfo-15.17-150600.16.28.1

* postgresql15-plpython-debuginfo-15.17-150600.16.28.1

* postgresql15-devel-15.17-150600.16.28.1

* postgresql15-plperl-15.17-150600.16.28.1

* postgresql15-test-15.17-150600.16.28.1

* postgresql15-server-devel-15.17-150600.16.28.1

* postgresql15-server-devel-debuginfo-15.17-150600.16.28.1

* postgresql15-llvmjit-devel-15.17-150600.16.28.1

* postgresql15-server-15.17-150600.16.28.1

*...

Read the Full Advisory

References

* bsc#1258008

* bsc#1258009

* bsc#1258010

* bsc#1258011

* bsc#1258754

## References:

* https://www.suse.com/security/cve/CVE-2026-2003.html

* https://www.suse.com/security/cve/CVE-2026-2004.html

* https://www.suse.com/security/cve/CVE-2026-2005.html

* https://www.suse.com/security/cve/CVE-2026-2006.html

* https://bugzilla.suse.com/show_bug.cgi?id=1258008

* https://bugzilla.suse.com/show_bug.cgi?id=1258009

* https://bugzilla.suse.com/show_bug.cgi?id=1258010

* https://bugzilla.suse.com/show_bug.cgi?id=1258011

* https://bugzilla.suse.com/show_bug.cgi?id=1258754

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0771-1
Release Date: 2026-03-03T13:13:57Z
Affected Products: * Legacy Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here