Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

openSUSE PostgreSQL16 Important Security Issues Resolved 2026-21104-1

opensuse
Calendar Grey June 30, 2026
Dist Opensuse Esm H88
Addressing multiple vulnerabilities in postgresql16, this openSUSE update emphasizes critical fixes and enhancements.
An update that solves 9 vulnerabilities and has 10 bug fixes can now be installed.

Description

This update for postgresql16 fixes the following issues

Security issues:

- CVE-2026-6472: ensure the user has CREATE privilege on the schema specified (bsc#1265172).

- CVE-2026-6473: integer overflows in memory-allocation calculations (bsc#1265173).

- CVE-2026-6474: Guard against malicious time zone names (bsc#1265174).

- CVE-2026-6475: Prevent path traversal in pg_basebackup and pg_rewind (bsc#1265175).

- CVE-2026-6477: Mark PQfn() as unsafe, and avoid using it within libpq (bsc#1265177).

- CVE-2026-6478: Use timing-safe string comparisons in authentication code (bsc#1265178).

- CVE-2026-6479: Prevent unbounded recursion while processing startup packets (bsc#1265179).

- CVE-2026-6637: Prevent SQL injection and buffer overruns in contrib/spi (bsc#1265181).

- CVE-2026-6638: Properly quote object names in logical replication origin checks (bsc#1265182).

Non security issue:

- Update to version 16.13.

- Get rid of update-alternatives for openSUSE/SLE 16.0 and newer

to support...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

postgresql16-16.14-160000.1.1

postgresql16-contrib-16.14-160000.1.1

postgresql16-devel-16.14-160000.1.1

postgresql16-docs-16.14-160000.1.1

postgresql16-llvmjit-16.14-160000.1.1

postgresql16-llvmjit-devel-16.14-160000.1.1

postgresql16-plperl-16.14-160000.1.1

postgresql16-plpython-16.14-160000.1.1

postgresql16-pltcl-16.14-160000.1.1

postgresql16-server-16.14-160000.1.1

postgresql16-server-devel-16.14-160000.1.1

postgresql16-test-16.14-160000.1.1

References

* bsc#1263804

* bsc#1265172

* bsc#1265173

* bsc#1265174

* bsc#1265175

* bsc#1265177

* bsc#1265178

* bsc#1265179

* bsc#1265181

* bsc#1265182

References:

* https://www.suse.com/security/cve/CVE-2026-6472.html

* https://www.suse.com/security/cve/CVE-2026-6473.html

* https://www.suse.com/security/cve/CVE-2026-6474.html

* https://www.suse.com/security/cve/CVE-2026-6475.html

* https://www.suse.com/security/cve/CVE-2026-6477.html

* https://www.suse.com/security/cve/CVE-2026-6478.html

* https://www.suse.com/security/cve/CVE-2026-6479.html

* https://www.suse.com/security/cve/CVE-2026-6637.html

* https://www.suse.com/security/cve/CVE-2026-6638.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21104-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here