Important: postgresql16 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:3887", "synopsis": "Important: postgresql16 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for postgresql16.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n\n* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n\n* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2439326", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2439326", "description": ""}, {"ticket": "2439324", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2439324", "description": ""}, {"ticket": "2439325", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2439325", "description": ""}, {"ticket": "2439322", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2439322", "description": ""}], "cves": [{"name": "CVE-2026-2003", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2003", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "cvss3BaseScore": "4.3", "cwe": "CWE-1287"}, {"name": "CVE-2026-2004", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2004", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-1287"}, {"name": "CVE-2026-2005", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2005", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-120"}, {"name": "CVE-2026-2006", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-2006", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-1285"}], "references": [], "publishedAt": "2026-03-06T06:05:39.257934Z", "rpms": {"Rocky Linux 10": {"nvras": ["postgresql-contrib-0:16.13-1.el10_1.aarch64.rpm", "postgresql-plperl-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-docs-0:16.13-1.el10_1.aarch64.rpm", "postgresql-contrib-0:16.13-1.el10_1.s390x.rpm", "postgresql-upgrade-0:16.13-1.el10_1.s390x.rpm", "postgresql-pltcl-0:16.13-1.el10_1.s390x.rpm", "postgresql-docs-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-static-0:16.13-1.el10_1.s390x.rpm", "postgresql-pltcl-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-pltcl-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-server-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-private-libs-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-private-libs-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-upgrade-0:16.13-1.el10_1.x86_64.rpm", "postgresql-plpython3-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-plperl-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql16-debugsource-0:16.13-1.el10_1.ppc64le.rpm","postgresql-pltcl-0:16.13-1.el10_1.x86_64.rpm", "postgresql-upgrade-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-upgrade-devel-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-docs-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-plperl-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-server-devel-0:16.13-1.el10_1.s390x.rpm", "postgresql-server-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-test-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-server-devel-0:16.13-1.el10_1.aarch64.rpm", "postgresql-contrib-0:16.13-1.el10_1.x86_64.rpm", "postgresql16-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-upgrade-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-contrib-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-server-devel-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-plperl-0:16.13-1.el10_1.s390x.rpm", "postgresql-upgrade-devel-0:16.13-1.el10_1.s390x.rpm", "postgresql-server-devel-0:16.13-1.el10_1.x86_64.rpm", "postgresql-test-0:16.13-1.el10_1.s390x.rpm", "postgresql-server-0:16.13-1.el10_1.x86_64.rpm", "postgresql-private-libs-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-server-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-docs-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-docs-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-contrib-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-server-devel-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-test-0:16.13-1.el10_1.aarch64.rpm", "postgresql-plpython3-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-docs-0:16.13-1.el10_1.s390x.rpm", "postgresql-plperl-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql16-0:16.13-1.el10_1.src.rpm", "postgresql-plpython3-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-pltcl-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-private-devel-0:16.13-1.el10_1.x86_64.rpm", "postgresql-private-devel-0:16.13-1.el10_1.s390x.rpm", "postgresql-private-libs-0:16.13-1.el10_1.aarch64.rpm","postgresql-test-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-server-0:16.13-1.el10_1.aarch64.rpm", "postgresql16-debugsource-0:16.13-1.el10_1.x86_64.rpm", "postgresql-private-libs-0:16.13-1.el10_1.x86_64.rpm", "postgresql-docs-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-upgrade-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-upgrade-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-upgrade-devel-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-static-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-test-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-test-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-plpython3-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-server-devel-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-upgrade-0:16.13-1.el10_1.aarch64.rpm", "postgresql16-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-upgrade-devel-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-plperl-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-upgrade-devel-0:16.13-1.el10_1.x86_64.rpm", "postgresql-static-0:16.13-1.el10_1.aarch64.rpm", "postgresql-docs-0:16.13-1.el10_1.x86_64.rpm", "postgresql-test-rpm-macros-0:16.13-1.el10_1.noarch.rpm", "postgresql-server-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-private-libs-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-contrib-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-test-0:16.13-1.el10_1.x86_64.rpm", "postgresql-plpython3-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-server-devel-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-plperl-0:16.13-1.el10_1.aarch64.rpm", "postgresql-private-devel-0:16.13-1.el10_1.aarch64.rpm", "postgresql-contrib-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-0:16.13-1.el10_1.s390x.rpm", "postgresql-test-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-pltcl-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-server-devel-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-plpython3-0:16.13-1.el10_1.x86_64.rpm","postgresql-plperl-0:16.13-1.el10_1.x86_64.rpm", "postgresql16-debugsource-0:16.13-1.el10_1.aarch64.rpm", "postgresql-0:16.13-1.el10_1.x86_64.rpm", "postgresql-server-0:16.13-1.el10_1.s390x.rpm", "postgresql-0:16.13-1.el10_1.ppc64le.rpm", "postgresql16-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-debuginfo-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-upgrade-devel-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-0:16.13-1.el10_1.aarch64.rpm", "postgresql-pltcl-0:16.13-1.el10_1.aarch64.rpm", "postgresql-server-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-upgrade-devel-debuginfo-0:16.13-1.el10_1.x86_64.rpm", "postgresql-contrib-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-plpython3-0:16.13-1.el10_1.aarch64.rpm", "postgresql16-debugsource-0:16.13-1.el10_1.s390x.rpm", "postgresql-private-libs-0:16.13-1.el10_1.s390x.rpm", "postgresql-upgrade-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-upgrade-devel-0:16.13-1.el10_1.aarch64.rpm", "postgresql16-debuginfo-0:16.13-1.el10_1.aarch64.rpm", "postgresql-debuginfo-0:16.13-1.el10_1.s390x.rpm", "postgresql-pltcl-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-static-0:16.13-1.el10_1.x86_64.rpm", "postgresql-plpython3-0:16.13-1.el10_1.s390x.rpm", "postgresql-private-devel-0:16.13-1.el10_1.ppc64le.rpm", "postgresql-private-libs-debuginfo-0:16.13-1.el10_1.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Explore critical security updates for postgresql16 on Rocky Linux addressing multiple code execution risks.. postgresql update, Rocky Linux patches, security advisory. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.