Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:32994 - Security Advisory
Issued:
2026-06-29
Updated:
2026-06-29

RHSA-2026:32994 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: postgresql:13 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

  • postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475)
  • postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477)
  • postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)
  • postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64

Fixes

  • BZ - 2477439 - CVE-2026-6475 postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
  • BZ - 2477442 - CVE-2026-6477 postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory
  • BZ - 2477447 - CVE-2026-6478 postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
  • BZ - 2477448 - CVE-2026-6473 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

CVEs

  • CVE-2026-6473
  • CVE-2026-6475
  • CVE-2026-6477
  • CVE-2026-6478

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.6

SRPM
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm SHA-256: cf5bb68a93506815947a641a4bae89bc8fc115702e717c450fc3e37a54ad3976
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm SHA-256: 69d37c6427f18ed1bd6d29cb2f54e083fb125c162fcb59a687c67528a2fb08e9
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm SHA-256: 1afa4d664011737a91d8efe7f3ba1f1f9bd6c8e7c510d867bbd1ff41832fe95a
postgresql-13.23-1.module+el8.6.0+24447+7305b672.3.src.rpm SHA-256: e169767576e71e128c3c7322c99abafc5cd1eaeffcbe7c55c4864be5e814dcb5
x86_64
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm SHA-256: ca85a22006bcc34f5c248b316e7cd4f4e85dd9b567d2c981f74d379062c844b4
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm SHA-256: 557512e3ee00e5a6d5ff46d4443efd853f36d6030c9ed8776c0915d29d081f60
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm SHA-256: ab85bdfa7d6d9b2e50f316880881239ce99e0915979a65b144349b95b844fa6b
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: 0ee2cdf7b40988a40a70294764149d58ef44f12b69ac85752465444a5b011340
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: ed444ce541962f85a37cae58466a203788f69a184d7dbeec159d7b424ab0ff8c
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: 3092f6f3bd32f8b30489fed2aad9d9884f77da6872a53d6b183a49b0224e7d91
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: c2d5f6f1d41fd29098090d75b4927696fc01450d42ae75311c14056e574645c0
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: 7275a1229edefdcf0df138ea35e317fb9143461c6122cb4c8a3ec2821f5e1b65
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: c7145f0c47def50c037cd2694d408fa03627e7581a1303e8d7ccfb5cf47918e6
postgresql-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: c58123fee5042d4f3fc4af9057205d2e5e7749ef8e83ae9329e483803c8dc00e
postgresql-contrib-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: c32214057e57175d6006cbdd0411eabfca6e0570c5780e12cabc6661e26d5207
postgresql-contrib-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 7e02f97aa7afbc53768c71c6e00de8dce96a45e6d8415e47fffdbb7099ce51af
postgresql-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 4dc20d36c35e3a82b3fb7d3fea7ac1c7c97da1ab0513d76c6de991c76734d9c3
postgresql-debugsource-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 7d53f4ab287e83ec266e49abf0d67bda71a8f536ece22e4ea6e23aa880a1aaeb
postgresql-docs-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 4e734a786c1ff254df67294ee9c17c6f76b85bfed1c3849961d24945fc106fe4
postgresql-docs-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: c0204fb8d8e26f5eebe260cdf2ea7ef8b6ed889fbef783b245f5288f067af865
postgresql-plperl-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 3105687bed0fecdcf684c33a14f79068dc1d38f74ce1299347ae320a45345716
postgresql-plperl-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: d20e6fa8cefba7bcb284adaeb0b184fd440aba712606be04591d9a9dc905019f
postgresql-plpython3-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 44b2c870fc1d316cdc0f64d3f632bea976de14600466324fd6ef6563f2357657
postgresql-plpython3-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: a1acc1b7ad4928cb9a28c24133172547c9dcfae2951dd7f6158d85b5c1489934
postgresql-pltcl-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 57fb60288e40c83116d5e8459e03b56da6cc5d05e1a6046aaa6007875de87bf0
postgresql-pltcl-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 03aea97d33670b9a266f8bd2448c2014e391ad47410ebf68e0d2b6e417fe752a
postgresql-server-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: a4a68fc74136e8969b2b207558b95bed80048d6cdff9c8d83237d8cef50b40ea
postgresql-server-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: abbe74734938186251ad1a551848b9b420d2922cff7e442c137264c7e9b31001
postgresql-server-devel-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 1beb66f9a8d86ec239c3c7251bf7d7e0f4e70e1b2598f4857b0d78e40926a2d4
postgresql-server-devel-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 8e65b287458ec038c042d62c4f0068d44e8f7247e7d7c1d3f099444b30554856
postgresql-static-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: e560d7d9998ee18acf7d4a9a14bce934324bade5e01c722d5407048040591db2
postgresql-test-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 980b240588be543a0c3bd7324968624cb111b7dc9d29bd12a621a7ea66cd5702
postgresql-test-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 52d5d8beb4a5f7569ad9b2a726727349a9493e7b3f399eef4d86668446830fdc
postgresql-test-rpm-macros-13.23-1.module+el8.6.0+24447+7305b672.3.noarch.rpm SHA-256: 629b14ad7b46f9420699689c66e42d8465729e2f3889fbcae14d02b400fcce43
postgresql-upgrade-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 25925c276c54462cc5aaef8c769014ebac881cad7dfaf8acbbd5fef9a81867e8
postgresql-upgrade-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: bfa251e22b830260e875f7b60532319be6a1a9415760e831c0ae5bc1800b0006
postgresql-upgrade-devel-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 1597c8319d35fd3223457f7d301bed40a804335b146e81bbedaf7e63d5148f2c
postgresql-upgrade-devel-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 86d61d690b3c832921a60a54df1ea68aef70e4a63a2d530c3b3baf19f237b37f

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm SHA-256: cf5bb68a93506815947a641a4bae89bc8fc115702e717c450fc3e37a54ad3976
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm SHA-256: 69d37c6427f18ed1bd6d29cb2f54e083fb125c162fcb59a687c67528a2fb08e9
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm SHA-256: 1afa4d664011737a91d8efe7f3ba1f1f9bd6c8e7c510d867bbd1ff41832fe95a
postgresql-13.23-1.module+el8.6.0+24447+7305b672.3.src.rpm SHA-256: e169767576e71e128c3c7322c99abafc5cd1eaeffcbe7c55c4864be5e814dcb5
x86_64
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm SHA-256: ca85a22006bcc34f5c248b316e7cd4f4e85dd9b567d2c981f74d379062c844b4
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm SHA-256: 557512e3ee00e5a6d5ff46d4443efd853f36d6030c9ed8776c0915d29d081f60
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm SHA-256: ab85bdfa7d6d9b2e50f316880881239ce99e0915979a65b144349b95b844fa6b
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: 0ee2cdf7b40988a40a70294764149d58ef44f12b69ac85752465444a5b011340
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: ed444ce541962f85a37cae58466a203788f69a184d7dbeec159d7b424ab0ff8c
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: 3092f6f3bd32f8b30489fed2aad9d9884f77da6872a53d6b183a49b0224e7d91
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: c2d5f6f1d41fd29098090d75b4927696fc01450d42ae75311c14056e574645c0
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: 7275a1229edefdcf0df138ea35e317fb9143461c6122cb4c8a3ec2821f5e1b65
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm SHA-256: c7145f0c47def50c037cd2694d408fa03627e7581a1303e8d7ccfb5cf47918e6
postgresql-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: c58123fee5042d4f3fc4af9057205d2e5e7749ef8e83ae9329e483803c8dc00e
postgresql-contrib-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: c32214057e57175d6006cbdd0411eabfca6e0570c5780e12cabc6661e26d5207
postgresql-contrib-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 7e02f97aa7afbc53768c71c6e00de8dce96a45e6d8415e47fffdbb7099ce51af
postgresql-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 4dc20d36c35e3a82b3fb7d3fea7ac1c7c97da1ab0513d76c6de991c76734d9c3
postgresql-debugsource-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 7d53f4ab287e83ec266e49abf0d67bda71a8f536ece22e4ea6e23aa880a1aaeb
postgresql-docs-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 4e734a786c1ff254df67294ee9c17c6f76b85bfed1c3849961d24945fc106fe4
postgresql-docs-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: c0204fb8d8e26f5eebe260cdf2ea7ef8b6ed889fbef783b245f5288f067af865
postgresql-plperl-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 3105687bed0fecdcf684c33a14f79068dc1d38f74ce1299347ae320a45345716
postgresql-plperl-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: d20e6fa8cefba7bcb284adaeb0b184fd440aba712606be04591d9a9dc905019f
postgresql-plpython3-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 44b2c870fc1d316cdc0f64d3f632bea976de14600466324fd6ef6563f2357657
postgresql-plpython3-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: a1acc1b7ad4928cb9a28c24133172547c9dcfae2951dd7f6158d85b5c1489934
postgresql-pltcl-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 57fb60288e40c83116d5e8459e03b56da6cc5d05e1a6046aaa6007875de87bf0
postgresql-pltcl-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 03aea97d33670b9a266f8bd2448c2014e391ad47410ebf68e0d2b6e417fe752a
postgresql-server-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: a4a68fc74136e8969b2b207558b95bed80048d6cdff9c8d83237d8cef50b40ea
postgresql-server-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: abbe74734938186251ad1a551848b9b420d2922cff7e442c137264c7e9b31001
postgresql-server-devel-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 1beb66f9a8d86ec239c3c7251bf7d7e0f4e70e1b2598f4857b0d78e40926a2d4
postgresql-server-devel-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 8e65b287458ec038c042d62c4f0068d44e8f7247e7d7c1d3f099444b30554856
postgresql-static-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: e560d7d9998ee18acf7d4a9a14bce934324bade5e01c722d5407048040591db2
postgresql-test-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 980b240588be543a0c3bd7324968624cb111b7dc9d29bd12a621a7ea66cd5702
postgresql-test-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 52d5d8beb4a5f7569ad9b2a726727349a9493e7b3f399eef4d86668446830fdc
postgresql-test-rpm-macros-13.23-1.module+el8.6.0+24447+7305b672.3.noarch.rpm SHA-256: 629b14ad7b46f9420699689c66e42d8465729e2f3889fbcae14d02b400fcce43
postgresql-upgrade-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 25925c276c54462cc5aaef8c769014ebac881cad7dfaf8acbbd5fef9a81867e8
postgresql-upgrade-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: bfa251e22b830260e875f7b60532319be6a1a9415760e831c0ae5bc1800b0006
postgresql-upgrade-devel-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 1597c8319d35fd3223457f7d301bed40a804335b146e81bbedaf7e63d5148f2c
postgresql-upgrade-devel-debuginfo-13.23-1.module+el8.6.0+24447+7305b672.3.x86_64.rpm SHA-256: 86d61d690b3c832921a60a54df1ea68aef70e4a63a2d530c3b3baf19f237b37f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility