## This update for postgresql18 fixes the following issues: * Update to version 18.3. (bsc#1258754) * CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008) * CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009) * CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010) * CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011) * CVE-2026-2007: Harden contrib/pg_trgm against changes in string lowercasing behavior. (bsc#1258012) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
* bsc#1258008
* bsc#1258009
* bsc#1258010
* bsc#1258011
* bsc#1258012
* bsc#1258754
Cross-
* CVE-2026-2003
* CVE-2026-2004
* CVE-2026-2005
* CVE-2026-2006
* CVE-2026-2007
CVSS scores:
* CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Get the latest Linux and open source security news straight to your inbox.