ALSA-2026:27738

Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:27738.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2026:27738
Related
  • CVE-2026-6473
  • CVE-2026-6475
  • CVE-2026-6477
  • CVE-2026-6478
Published
2026-06-22T00:00:00Z
Modified
2026-06-23T15:29:23.833612387Z
Summary
Important: libpq security update
Details

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers.

Security Fix(es):

  • postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475)
  • postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477)
  • postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)
  • postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / libpq

Package

Name
libpq
Purl
pkg:rpm/almalinux/libpq

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
13.23-2.el8_10

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:27738.json"

AlmaLinux:8 / libpq-devel

Package

Name
libpq-devel
Purl
pkg:rpm/almalinux/libpq-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
13.23-2.el8_10

Database specific

source
"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:27738.json"