OESA-2026-1494

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1494
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-1494.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-1494
Upstream
Published
2026-03-06T12:41:17Z
Modified
2026-03-06T13:15:10.268168Z
Summary
postgresql security update
Details

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.

Security Fix(es):

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.(CVE-2026-2003)

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.(CVE-2026-2004)

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.(CVE-2026-2005)

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.(CVE-2026-2006)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP1 / postgresql

Package

Name
postgresql
Purl
pkg:rpm/openEuler/postgresql&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.17-1.oe2403sp1

Ecosystem specific 

{
    "aarch64": [
        "postgresql-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-contrib-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-debuginfo-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-debugsource-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-docs-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-llvmjit-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-plperl-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-plpython3-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-pltcl-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-private-devel-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-private-libs-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-server-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-server-devel-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-static-15.17-1.oe2403sp1.aarch64.rpm",
        "postgresql-test-15.17-1.oe2403sp1.aarch64.rpm"
    ],
    "noarch": [
        "postgresql-test-rpm-macros-15.17-1.oe2403sp1.noarch.rpm"
    ],
    "src": [
        "postgresql-15.17-1.oe2403sp1.src.rpm"
    ],
    "x86_64": [
        "postgresql-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-contrib-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-debuginfo-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-debugsource-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-docs-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-llvmjit-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-plperl-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-plpython3-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-pltcl-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-private-devel-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-private-libs-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-server-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-server-devel-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-static-15.17-1.oe2403sp1.x86_64.rpm",
        "postgresql-test-15.17-1.oe2403sp1.x86_64.rpm"
    ]
}

Database specific

source 
"https://repo.openeuler.org/security/data/osv/OESA-2026-1494.json"