This update for postgresql17 fixes the following issues:
- Update to version 17.9. (bsc#1258754)
- CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector. (bsc#1258008)
- CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009)
- CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010)
- CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011)
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0:
  zypper in -t patch openSUSE-Leap-16.0-406=1
- openSUSE Leap 16.0:
postgresql17-17.9-160000.1.1
postgresql17-contrib-17.9-160000.1.1
postgresql17-devel-17.9-160000.1.1
postgresql17-docs-17.9-160000.1.1
postgresql17-llvmjit-17.9-160000.1.1
postgresql17-llvmjit-devel-17.9-160000.1.1
postgresql17-plperl-17.9-160000.1.1
postgresql17-plpython-17.9-160000.1.1
postgresql17-pltcl-17.9-160000.1.1
postgresql17-server-17.9-160000.1.1
postgresql17-server-devel-17.9-160000.1.1
postgresql17-test-17.9-160000.1.1
References:
* bsc#1258008
* bsc#1258009
* bsc#1258010
* bsc#1258011
* bsc#1258754
* https://www.suse.com/security/cve/CVE-2026-2003.html
* https://www.suse.com/security/cve/CVE-2026-2004.html
* https://www.suse.com/security/cve/CVE-2026-2005.html
* https://www.suse.com/security/cve/CVE-2026-2006.html