CLSA-2026-1779880647

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1779880647
Upstream
  • CVE-2026-6473
  • CVE-2026-6474
  • CVE-2026-6475
  • CVE-2026-6477
  • CVE-2026-6478
  • CVE-2026-6637
Published
2026-05-27T11:18:48Z
Modified
2026-06-04T09:47:29.714155530Z
Summary
Fix of 6 CVEs
Details
  • SECURITY UPDATE: postgresql May-2026 CVE batch
    • debian/patches/CVE-2026-6473.patch: integer overflow fixes across multiple vulnerable sites: hstore_plperl/hstore_plpython palloc sizing (mul_size), array_agg() nitems overflow, intarray/ltxtquery findoprnd() left-offset overflow, ltree lquery numvar/totallen overflow, and ts_headline option length overflow.
    • debian/patches/CVE-2026-6474.patch: guard pg_strftime() callers and ensure null-terminated output on overflow, plus split timeofday() pg_strftime so the %Z timezone string is never embedded as a format string in subsequent snprintf().
    • debian/patches/CVE-2026-6475.patch: prevent path traversal in pg_rewind file operations via pathissafeforextraction() helper.
    • debian/patches/CVE-2026-6477.patch: harden PQfn()/pqFunctionCall3() against server-controlled buffer overruns in libpq large-object interface.
    • debian/patches/CVE-2026-6478.patch: add timingsafe_bcmp() helper and apply to MD5/SCRAM/RADIUS/plain auth-paths to prevent timing-channel leaks.
    • debian/patches/CVE-2026-6637.patch: switch refint contrib check_foreign_key to StringInfo and quote_literal_cstr() to prevent SQL injection and stack buffer overruns.
    • CVE-2026-6473
    • CVE-2026-6474
    • CVE-2026-6475
    • CVE-2026-6477
    • CVE-2026-6478
    • CVE-2026-6637
  • debian/patches/fix-regress-tzdata-LMT.patch: refresh src/test/regress expected output for date, timestamptz and horology tests so that they match the LMT abbreviation emitted by current tzdata for pre-1883 America/Los_Angeles dates.
References

Affected packages

TuxCare:Ubuntu:18.04
libecpg-compat3

Package

Name
libecpg-compat3
Purl
pkg:deb/tuxcare/libecpg-compat3?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
libecpg-dev

Package

Name
libecpg-dev
Purl
pkg:deb/tuxcare/libecpg-dev?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
libecpg6

Package

Name
libecpg6
Purl
pkg:deb/tuxcare/libecpg6?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
libpgtypes3

Package

Name
libpgtypes3
Purl
pkg:deb/tuxcare/libpgtypes3?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
libpq-dev

Package

Name
libpq-dev
Purl
pkg:deb/tuxcare/libpq-dev?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
libpq5

Package

Name
libpq5
Purl
pkg:deb/tuxcare/libpq5?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
postgresql-10

Package

Name
postgresql-10
Purl
pkg:deb/tuxcare/postgresql-10?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
postgresql-client-10

Package

Name
postgresql-client-10
Purl
pkg:deb/tuxcare/postgresql-client-10?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
postgresql-doc-10

Package

Name
postgresql-doc-10
Purl
pkg:deb/tuxcare/postgresql-doc-10?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
postgresql-plperl-10

Package

Name
postgresql-plperl-10
Purl
pkg:deb/tuxcare/postgresql-plperl-10?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
postgresql-plpython-10

Package

Name
postgresql-plpython-10
Purl
pkg:deb/tuxcare/postgresql-plpython-10?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
postgresql-plpython3-10

Package

Name
postgresql-plpython3-10
Purl
pkg:deb/tuxcare/postgresql-plpython3-10?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
postgresql-pltcl-10

Package

Name
postgresql-pltcl-10
Purl
pkg:deb/tuxcare/postgresql-pltcl-10?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"
postgresql-server-dev-10

Package

Name
postgresql-server-dev-10
Purl
pkg:deb/tuxcare/postgresql-server-dev-10?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
10.23-0ubuntu0.18.04.2+tuxcare.els6

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1779880647.json"