Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

SUSE PostgreSQL16 Key Update Vulnerability Mitigation SUSE-SU-2026-0883-1

suse
Calendar Grey March 12, 2026
Dist Suse Esm H88
SUSE issue an important security advisory for postgresql16 fixing issues including arbitrary code execution.
An update that solves four vulnerabilities and has one security fix can now be installed.

Summary

## This update for postgresql16 fixes the following issues: Update to version 16.13 (bsc#1258754). Security issues fixed: * CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory (bsc#1258008). * CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). * CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). * CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). Regression fixes: * the substring() function raises an error "invalid byte sequence for encoding" on non-ASCII text values if the source of that value is a database

Topics%20covered

Topics Covered

security advisory SuSE buffer overrun arbitrary code execution important postgresql16

References

* bsc#1258008

* bsc#1258009

* bsc#1258010

* bsc#1258011

* bsc#1258754

Cross-

* CVE-2026-2003

* CVE-2026-2004

* CVE-2026-2005

* CVE-2026-2006

CVSS scores:

* CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0882-1
Release Date: 2026-03-12T10:19:44Z
Rating: important

Topics%20covered

Topics Covered

security advisory SuSE buffer overrun arbitrary code execution important postgresql16

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here