Red Hat Product Errata RHSA-2026:24348 - Security Advisory
Issued:
2026-06-08
Updated:
2026-06-08

RHSA-2026:24348 - Security Advisory

Synopsis

Important: postgresql-jdbc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

Security Fix(es):

  • jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication (CVE-2026-42198)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes

  • BZ - 2463857 - CVE-2026-42198 jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

Red Hat Enterprise Linux for x86_64 10

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
x86_64
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
x86_64
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
s390x
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
s390x
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for Power, little endian 10

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
ppc64le
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
ppc64le
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for ARM 64 10

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
aarch64
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
aarch64
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
aarch64
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
s390x
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
ppc64le
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
x86_64
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
x86_64
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
aarch64
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
ppc64le
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2

SRPM
postgresql-jdbc-42.7.2-1.el10_2.2.src.rpm SHA-256: 7a9375b1fc992ffe5b287d8ded3bb5d1758125fce010d7750541fc672aa56e75
s390x
postgresql-jdbc-42.7.2-1.el10_2.2.noarch.rpm SHA-256: a0523745c0478a305e68d3029775e3bd4fe94e60bc75289721e822e3a3290d19

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.