CLSA-2026-1779494089

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1779494089

Upstream

CVE-2026-6473

CVE-2026-6474

CVE-2026-6475

CVE-2026-6477

CVE-2026-6478

CVE-2026-6479

CVE-2026-6637

Published

2026-05-22T23:54:53Z

Modified

2026-06-04T09:47:21.942770177Z

Summary

Fix of 7 CVEs

Details

SECURITY UPDATE: PostgreSQL 2026-05-14 security batch (CVE-2026-6473, 6474, 6475, 6477, 6478, 6479, 6637). Backports adapted from upstream REL14STABLE to PG 12 source.
- debian/patches/CVE-2026-6473.patch: integer wraparound in tsheadline and ltree lquery parsing; bound StartSel/StopSel/FragmentDelimiter to PGINT16MAX and add overflow checks in parselquery (no pgaddu16overflow() in PG 12, manual PGUINT16MAX compare).
- debian/patches/CVE-2026-6474.patch: externally-controlled format string in timeofday() via pgstrftime() with crafted timezones; guard against unsafe conditions.
- debian/patches/CVE-2026-6475.patch: symlink following in pgbasebackup plain format and in pgrewind allowing origin superuser to overwrite local files.
- debian/patches/CVE-2026-6477.patch: mark PQfn() unsafe and fix overrun in libpq loexport/loread/lolseek64/lotell64 frontend LO interface.
- debian/patches/CVE-2026-6478.patch: covert timing channel in MD5 password comparison; replace memcmp with timingsafe_bcmp in SCRAM and MD5 password verification paths.
- debian/patches/CVE-2026-6479.patch: uncontrolled recursion in ProcessStartupPacket() via alternating SSL/GSS negotiation requests.
- debian/patches/CVE-2026-6637.patch: stack buffer overflow in the refint contrib module with attacker-controlled column names.
- CVE-2026-6473
- CVE-2026-6474
- CVE-2026-6475
- CVE-2026-6477
- CVE-2026-6478
- CVE-2026-6479
- CVE-2026-6637

References

https://errata.tuxcare.com/els_os/ubuntu20.04els/CLSA-2026-1779494089.html

Affected packages

TuxCare:Ubuntu:20.04

libecpg-compat3

Package

Name: libecpg-compat3
Purl: pkg:deb/tuxcare/libecpg-compat3?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

libecpg-dev

Package

Name: libecpg-dev
Purl: pkg:deb/tuxcare/libecpg-dev?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

libecpg6

Package

Name: libecpg6
Purl: pkg:deb/tuxcare/libecpg6?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

libpgtypes3

Package

Name: libpgtypes3
Purl: pkg:deb/tuxcare/libpgtypes3?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

libpq-dev

Package

Name: libpq-dev
Purl: pkg:deb/tuxcare/libpq-dev?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

libpq5

Package

Name: libpq5
Purl: pkg:deb/tuxcare/libpq5?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

postgresql-12

Package

Name: postgresql-12
Purl: pkg:deb/tuxcare/postgresql-12?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

postgresql-client-12

Package

Name: postgresql-client-12
Purl: pkg:deb/tuxcare/postgresql-client-12?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

postgresql-doc-12

Package

Name: postgresql-doc-12
Purl: pkg:deb/tuxcare/postgresql-doc-12?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

postgresql-plperl-12

Package

Name: postgresql-plperl-12
Purl: pkg:deb/tuxcare/postgresql-plperl-12?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

postgresql-plpython3-12

Package

Name: postgresql-plpython3-12
Purl: pkg:deb/tuxcare/postgresql-plpython3-12?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

postgresql-pltcl-12

Package

Name: postgresql-pltcl-12
Purl: pkg:deb/tuxcare/postgresql-pltcl-12?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"

postgresql-server-dev-12

Package

Name: postgresql-server-dev-12
Purl: pkg:deb/tuxcare/postgresql-server-dev-12?distro=ubuntu-20.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22-0ubuntu0.20.04.4+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1779494089.json"