[CLSA-2026:1779389543] Fix of 6 CVEs
Type:
security
Severity:
Low
Release date:
2026-05-21 18:52:27 UTC
Description:
* SECURITY UPDATE: integer wraparound on 32-bit systems in palloc() callers - debian/patches/CVE-2026-6473.patch: integer wraparound on 32-bit systems in palloc() callers - CVE-2026-6473 * SECURITY UPDATE: format-string memory disclosure in timeofday() via crafted timezones - debian/patches/CVE-2026-6474.patch: format-string memory disclosure in timeofday() via crafted timezones - CVE-2026-6474 * SECURITY UPDATE: path traversal in pg_rewind allows origin superuser to overwrite local files - debian/patches/CVE-2026-6475.patch: path traversal in pg_rewind allows origin superuser to overwrite local files - CVE-2026-6475 * SECURITY UPDATE: stack buffer overrun in libpq PQfn() (lo_read/lo_lseek64/lo_tell64) - debian/patches/CVE-2026-6477.patch: stack buffer overrun in libpq PQfn() (lo_read/lo_lseek64/lo_tell64) - CVE-2026-6477 * SECURITY UPDATE: covert timing channel in MD5 password comparison - debian/patches/CVE-2026-6478.patch: covert timing channel in MD5 password comparison - CVE-2026-6478 * SECURITY UPDATE: SQL injection and stack buffer overruns in refint contrib module - debian/patches/CVE-2026-6637.patch: SQL injection and stack buffer overruns in refint contrib module - CVE-2026-6637
Updated packages:
  • libecpg-compat3_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:e239e6fb09d55f54c071bc3a0a6311c4c7fd8b8f
  • libecpg-dev_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:195d3deae4f878402fd46f1013bcbdcd7c3aad62
  • libecpg6_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:e2cac60094dd119b66a036e9ea6e5eb326fd62c7
  • libpgtypes3_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:df3c47d835935a860052a44624736e9e76c09f3e
  • libpq-dev_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:da2fa9ac89f532d6e63659351a5f465fef4519a9
  • libpq5_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:b9608aa5e7e605e9a20c7945c7dbb3ba617a25b1
  • postgresql-11_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:bf2b231a2a260e5211f0a6cb7f60bc7dbbfee55f
  • postgresql-client-11_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:e58a06eab93c96ac2b21d9aefb41937a49a1efdd
  • postgresql-doc-11_11.22-0+deb10u2+tuxcare.els2_all.deb
    sha:51273866bca4902bd3aebe1583bb315bc5a93922
  • postgresql-plperl-11_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:33bdb8f3a016b5b1392f5c93ffb8b7a211b43459
  • postgresql-plpython-11_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:9726bec48e375ef8133c58ce2c6961392264749e
  • postgresql-plpython3-11_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:8167ddc8357de06eded4c2ea23bcb51e3047c2c0
  • postgresql-pltcl-11_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:32de004e3784a7798a835f2fed92f7a960bbe0ff
  • postgresql-server-dev-11_11.22-0+deb10u2+tuxcare.els2_amd64.deb
    sha:b69c034f3d52854d8af7009f4b5a75ca8dad26ae
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.