RLSA-2026:4110

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:9

pgaudit

Package

Name: pgaudit
Purl: pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:16.0-1.module+el9.7.0+40060+39463e08

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:4110.json"

pgaudit

Package

Name: pgaudit
Purl: pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:16.0-1.module+el9.7.0+40012+a654bbaa

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:4110.json"

pg_repack

Package

Name: pg_repack
Purl: pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.5.1-1.module+el9.7.0+40012+a654bbaa

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:4110.json"

pg_repack

Package

Name: pg_repack
Purl: pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.5.1-1.module+el9.7.0+40060+39463e08

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:4110.json"

pgvector

Package

Name: pgvector
Purl: pkg:rpm/rocky-linux/pgvector?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:0.6.2-2.module+el9.7.0+40060+39463e08

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:4110.json"

pgvector

Package

Name: pgvector
Purl: pkg:rpm/rocky-linux/pgvector?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:0.6.2-2.module+el9.7.0+40012+a654bbaa

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:4110.json"

postgis

Package

Name: postgis
Purl: pkg:rpm/rocky-linux/postgis?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:3.5.3-3.module+el9.7.0+40012+a654bbaa

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:4110.json"

postgres-decoderbufs

Package

Name: postgres-decoderbufs
Purl: pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:2.4.0-1.Final.module+el9.7.0+40060+39463e08

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:4110.json"

postgres-decoderbufs

Package

Name: postgres-decoderbufs
Purl: pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-9&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:2.4.0-1.Final.module+el9.7.0+40012+a654bbaa

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:4110.json"