
openSUSE Leap 16.0 PostgreSQL17 Important Security Update 2026-20388-1

March 25, 2026
Available now are important updates for openSUSE Leap 16.0, addressing critical security issues in postgresql17.
An update that solves 4 vulnerabilities and has 5 bug fixes can now be installed.

Description

This update for postgresql17 fixes the following issues:

- Update to version 17.9. (bsc#1258754)

- CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008)

- CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009)

- CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010)

- CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011)

Patch instructions:

To install this openSUSE security update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-406=1


Package List

- openSUSE Leap 16.0:

postgresql17-17.9-160000.1.1

postgresql17-contrib-17.9-160000.1.1

postgresql17-devel-17.9-160000.1.1

postgresql17-docs-17.9-160000.1.1

postgresql17-llvmjit-17.9-160000.1.1

postgresql17-llvmjit-devel-17.9-160000.1.1

postgresql17-plperl-17.9-160000.1.1

postgresql17-plpython-17.9-160000.1.1

postgresql17-pltcl-17.9-160000.1.1

postgresql17-server-17.9-160000.1.1

postgresql17-server-devel-17.9-160000.1.1

postgresql17-test-17.9-160000.1.1
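
To confirm the update took effect, the installed postgresql17 packages can be compared against the fixed build in the package list above. This is an added example, not part of the SUSE advisory; the function name `find_unpatched`, the constructed sample lines, and the use of `sort -V` in place of rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Added example: list postgresql17 packages still older than the fixed build.
FIXED="17.9-160000.1.1"   # version-release taken from the advisory's package list

# Reads "name version-release" lines on stdin, prints each postgresql17
# package older than FIXED, and returns 1 if any was found (0 otherwise).
# Assumption: sort -V (GNU coreutils) stands in for rpm's own version
# comparison, which is adequate for these purely numeric version strings.
find_unpatched() {
    outdated=0
    while read -r name evr; do
        case "$name" in
            postgresql17|postgresql17-*) ;;
            *) continue ;;
        esac
        if [ "$evr" != "$FIXED" ]; then
            lowest=$(printf '%s\n%s\n' "$evr" "$FIXED" | sort -V | head -n 1)
            if [ "$lowest" = "$evr" ]; then
                echo "$name $evr"
                outdated=1
            fi
        fi
    done
    return "$outdated"
}

# Constructed sample input (not real host output): two packages left behind.
SAMPLE='postgresql17 17.6-160000.1.1
postgresql17-contrib 17.6-160000.1.1
postgresql17-server 17.9-160000.1.1
postgresql16 16.11-160000.1.1'

printf '%s\n' "$SAMPLE" | find_unpatched || echo "update still required"

# On a real host, feed it the rpm database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'postgresql17*' | find_unpatched
```

A package at the fixed version only protects a running server once the PostgreSQL service has been restarted onto the new binaries.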

References

* bsc#1258008

* bsc#1258009

* bsc#1258010

* bsc#1258011

* bsc#1258754


* https://www.suse.com/security/cve/CVE-2026-2003.html

* https://www.suse.com/security/cve/CVE-2026-2004.html

* https://www.suse.com/security/cve/CVE-2026-2005.html

* https://www.suse.com/security/cve/CVE-2026-2006.html

Severity: important

Announcement ID: openSUSE-SU-2026:20388-1
Rating: important
Affected Products: openSUSE Leap 16.0
