{ "document": { "aggregate_severity": { "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "11.22.tuxcare.els10-r0:\n - CVE-2026-6477\n - CVE-2026-6478", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902", "url": "https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_docker/alpinelinux3.23/advisories/2026/clsa-2026_1780497902.json" } ], "tracking": { "current_release_date": "2026-06-03T14:47:09Z", "generator": { "date": "2026-06-03T14:47:09Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1780497902", "initial_release_date": "2026-06-03T14:47:09Z", "revision_history": [ { "date": "2026-06-03T14:47:09Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "postgresql11: Fix of 5 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Alpine Linux 3.23", "product": { "name": "Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23", "product_identification_helper": { "cpe": "cpe:2.3:o:alpinelinux:alpine_linux:3.23:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Alpine Linux" } ], "category": "vendor", "name": "Alpine Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "postgresql11-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-doc@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-contrib@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-plperl-contrib@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-plpython3@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-pltcl@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-openrc@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-dev@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-plpython3-contrib@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-client@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "product": { "name": "postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "product_id": "postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-plperl@11.22.tuxcare.els10-rr0?arch=aarch64&os_name=alpine&os_version=3.23" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "postgresql11-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-doc@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-contrib@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-plperl-contrib@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-plpython3@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-pltcl@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-openrc@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-dev@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-plpython3-contrib@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-client@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } }, { "category": "product_version", "name": "postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "product": { "name": "postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "product_id": "postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/postgresql11-plperl@11.22.tuxcare.els10-rr0?arch=x86_64&os_name=alpine&os_version=3.23" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "postgresql11-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-client-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-client-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64" }, "product_reference": "postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.23" }, { "category": "default_component_of", "full_product_name": { "name": "postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64 as a component of Alpine Linux 3.23", "product_id": "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64" }, "product_reference": "postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.23" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-6637", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" }, "notes": [ { "category": "description", "text": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-docker/cve/CVE-2026-6637" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6637/", "url": "https://www.postgresql.org/support/security/CVE-2026-6637/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-03T14:45:10.505298Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902", "product_ids": [ "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902" } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-6474", "cwe": { "id": "CWE-134", "name": "Use of Externally-Controlled Format String" }, "notes": [ { "category": "description", "text": "Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-docker/cve/CVE-2026-6474" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6474/", "url": "https://www.postgresql.org/support/security/CVE-2026-6474/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-03T14:45:10.505298Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902", "product_ids": [ "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902" } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-6477", "cwe": { "id": "CWE-242", "name": "Use of Inherently Dangerous Function" }, "notes": [ { "category": "description", "text": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-docker/cve/CVE-2026-6477" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6477/", "url": "https://www.postgresql.org/support/security/CVE-2026-6477/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-03T14:45:10.505298Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902", "product_ids": [ "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902" } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-6478", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "notes": [ { "category": "description", "text": "Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-docker/cve/CVE-2026-6478" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6478/", "url": "https://www.postgresql.org/support/security/CVE-2026-6478/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-03T14:45:10.505298Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902", "product_ids": [ "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902" } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-6475", "cwe": { "id": "CWE-61", "name": "UNIX Symbolic Link (Symlink) Following" }, "notes": [ { "category": "description", "text": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-docker/cve/CVE-2026-6475" }, { "category": "external", "summary": "https://www.postgresql.org/support/security/CVE-2026-6475/", "url": "https://www.postgresql.org/support/security/CVE-2026-6475/" } ], "release_date": "2026-05-14T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-03T14:45:10.505298Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902", "product_ids": [ "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-client-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-dev-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-doc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-openrc-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plperl-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-plpython3-contrib-11.22.tuxcare.els10-rr0.x86_64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.aarch64", "Alpine-Linux-3.23:postgresql11-pltcl-11.22.tuxcare.els10-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els-docker/releases/CLSA-2026:1780497902" } ], "threats": [ { "category": "impact", "details": "Low" } ] } ] }