MGASA-2026-0151

Source
https://advisories.mageia.org/MGASA-2026-0151.html
Import Source
https://advisories.mageia.org/MGASA-2026-0151.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2026-0151
Upstream
  • CVE-2026-6472
  • CVE-2026-6473
  • CVE-2026-6474
  • CVE-2026-6475
  • CVE-2026-6476
  • CVE-2026-6477
  • CVE-2026-6478
  • CVE-2026-6479
  • CVE-2026-6575
  • CVE-2026-6637
  • CVE-2026-6638
Published
2026-05-19T02:46:11Z
Modified
2026-05-19T03:00:06.842990Z
Summary
Updated postgresql15 packages fix security vulnerabilities
Details

PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. (CVE-2026-6472) PostgreSQL server undersizes allocations, via integer wraparound. (CVE-2026-6473) PostgreSQL timeofday() can disclose portions of server memory. (CVE-2026-6474) PostgreSQL pgbasebackup and pgrewind can overwrite unrelated files of origin superuser choice. (CVE-2026-6475) PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory. (CVE-2026-6477) PostgreSQL discloses MD5-hashed passwords via covert timing channel. (CVE-2026-6478) PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion. (CVE-2026-6479) PostgreSQL refint allows stack buffer overflow and SQL injection. (CVE-2026-6637)

References
Credits

Affected packages

Mageia:9 / postgresql15

Package

Name
postgresql15
Purl
pkg:rpm/mageia/postgresql15?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.18-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0151.json"