Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE Postgresql16 Important SQL Injection Buffer Overflow Vuln 2026-1942-1

suse
Calendar Grey May 18, 2026
Dist Suse Esm H88
SUSE's update resolves nine issues in postgresql16, enhancing security and fixing vulnerabilities. Install now.
An update that solves nine vulnerabilities, contains one feature and has one security fix can now be installed.

Summary

## This update for postgresql16 fixes the following issues Update to version 16.13. Security issues: * CVE-2026-6472: ensure the user has CREATE privilege on the schema specified (bsc#1265172). * CVE-2026-6473: integer overflows in memory-allocation calculations (bsc#1265173). * CVE-2026-6474: Guard against malicious time zone names (bsc#1265174). * CVE-2026-6475: Prevent path traversal in pg_basebackup and pg_rewind (bsc#1265175). * CVE-2026-6477: Mark PQfn() as unsafe, and avoid using it within libpq (bsc#1265177). * CVE-2026-6478: Use timing-safe string comparisons in authentication code (bsc#1265178). * CVE-2026-6479: Prevent unbounded recursion while processing startup packets (bsc#1265179). * CVE-2026-6637: Prevent SQL injection and buffer overruns in contrib/spi (bsc#1265181).

Topics%20covered

Topics Covered

security advisory SQL Injection buffer overflow SuSE important postgresql16

References

* bsc#1263804

* bsc#1265172

* bsc#1265173

* bsc#1265174

* bsc#1265175

* bsc#1265177

* bsc#1265178

* bsc#1265179

* bsc#1265181

* bsc#1265182

* jsc#PED-14824

Cross-

* CVE-2026-6472

* CVE-2026-6473

* CVE-2026-6474

* CVE-2026-6475

* CVE-2026-6477

* CVE-2026-6478

* CVE-2026-6479

* CVE-2026-6637

* CVE-2026-6638

CVSS scores:

* CVE-2026-6472 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

* CVE-2026-6472 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

* CVE-2026-6473 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-6473 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-6474 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2026-6474 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1942-1
Release Date: 2026-05-18T07:46:20Z
Rating: important

Topics%20covered

Topics Covered

security advisory SQL Injection buffer overflow SuSE important postgresql16

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here