Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:34362 - Security Advisory
Issued:
2026-07-01
Updated:
2026-07-01

RHSA-2026:34362 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: postgresql:12 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

  • postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475)
  • postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477)
  • postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)
  • postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64

Fixes

  • BZ - 2477439 - CVE-2026-6475 postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
  • BZ - 2477442 - CVE-2026-6477 postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory
  • BZ - 2477447 - CVE-2026-6478 postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
  • BZ - 2477448 - CVE-2026-6473 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

CVEs

  • CVE-2026-6473
  • CVE-2026-6475
  • CVE-2026-6477
  • CVE-2026-6478

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.src.rpm SHA-256: b03a38090ec961b4c6fe83ae8e373284f0576a5472251536dfb1d10916b31177
postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.src.rpm SHA-256: 4a6ff774095320178b96a836d62d5db488a36d985f86c0df120df6bdffe444e1
postgresql-12.22-1.module+el8.4.0+24442+74e4dc28.4.src.rpm SHA-256: da5f2a33ed9fcf0c583cd74b5be34de541f1aa39824f676510d36c733e8b851f
x86_64
pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: 0bbd0a783d7399c0a70bace3f71bd9bc706d57cfbd5a92355253eac38ef71d64
pgaudit-debuginfo-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: 7ec70c2c12b53aa6aef901acc2c48655d7acc11b45db3a5a8728a4eff214a610
pgaudit-debugsource-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: efae4253c28d1d3774ef16406da959ed11d8dd45ba769426433fb7433cadee0c
postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: a6b90b09552fcc2cc7778ea384a195d97850282bbab941aa1d37fd4c314d94ac
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: a30fa22fccb754620843adaba31b89c77e7c757cba5fc3707804b51190dd02ef
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: 5def5e99e1ff1ae1444788ab565fcd9d0ba1b9bea1a1650c3302fdaca8585ec3
postgresql-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 53129d6a2d7a43e354be675a607baf8c80a7ee3220cbf586c117f3d51a647bc4
postgresql-contrib-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 62319bf0c48f74c1df87ebb6ddc69cc5cbce861d41f96822090350e8e9df4fa5
postgresql-contrib-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: b910bb0792d1d3ec37d88c96e4474a400c2e1a6f4fcb916495b70c7f2bf1a003
postgresql-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: f77ea3a79b442ad5b44c36816786b1b9b56efec4c748d7763729ac0b6fe7678f
postgresql-debugsource-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 7e3af9907a6c57b19f35ef36f20ebc7af49085c0ae32c9d7993dff582d76e8b7
postgresql-docs-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 4ec70f84a351ad995aa7ae0f6c02c5059b00601ee7c83860d439aa6a527f130c
postgresql-docs-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 5ce2658c55aac2cbaf5c656f20e7a49cc5667ba8315173af58ef9a501b5aef40
postgresql-plperl-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 78746a9dff34cc245b0e425e51c99795882144b3fd1fe28cf4955dadd1980e68
postgresql-plperl-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 482c4cddb042d9f86a6d9f917e0590d7db628cdcabc9cfb41ea0378cd34eb5a8
postgresql-plpython3-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 29b633c27233badf5c332b39d134c2712e1aef38fdec95decb2075ce65d71c95
postgresql-plpython3-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 9e1d4e8574496c2d2b73fa4d660f7fd5e8e5b96c70d3d09897c301159a7711ca
postgresql-pltcl-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: c6b2fe78c96c0d2b70f52f7c7339dc9f701540dd7b4d70b5e75186b8f3b024ef
postgresql-pltcl-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 32cb8227fa43bd364835d9a334b5ba4551f495df04ad96739bce5c9c7439212c
postgresql-server-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 849c649a5b0b83e0b8e30105b6ba3c253478d697015463d40b7a1fe227829c97
postgresql-server-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 6f0a4d7c525b90b5b138926823d8de0e7ae47ea9d03b1a0ba8d0dbb7df6fd228
postgresql-server-devel-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 4212deb1c15a5d9cc7d4954237d6f034102c708820e7533540da54ae2dfebfca
postgresql-server-devel-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: e2b14eddb4ea07edd65405a28262a2b3db8ec0285c36dfcb98bc607418a28bb5
postgresql-static-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: a6080a68bebbbe6883e4feef89ba760de494cf2622cc61a4fb9385e1d131ee92
postgresql-test-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: aeb99626e52bcf97ab610c7f486e8a46d7d7c35aa57e7839a0d49b50a09e7439
postgresql-test-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 2e87a351947378ae707a28e28ac590df12197de1b29102e51b07a1346589c059
postgresql-test-rpm-macros-12.22-1.module+el8.4.0+24442+74e4dc28.4.noarch.rpm SHA-256: 1967392d034668f89c5ea7085379bf1e11fedd4c1a03c577f4264a278633beed
postgresql-upgrade-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 9302760825c729b87bbc04cbe2df8715b8dc8b0f7454fded3a20ede82c0476b2
postgresql-upgrade-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 793ecb67c4a1f58c5329606321e07987b1e5027d21531c3c306d5ec8352331d3
postgresql-upgrade-devel-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: d2fa0060b9f897b1a14d18e05d25b393e21ff4b415e6c40ee918cf3e69abd8ba
postgresql-upgrade-devel-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: e39752bbe47d91cdc93d62d7c317f67ee8499887e173abffcbc6da21e77470b2

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.src.rpm SHA-256: b03a38090ec961b4c6fe83ae8e373284f0576a5472251536dfb1d10916b31177
postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.src.rpm SHA-256: 4a6ff774095320178b96a836d62d5db488a36d985f86c0df120df6bdffe444e1
postgresql-12.22-1.module+el8.4.0+24442+74e4dc28.4.src.rpm SHA-256: da5f2a33ed9fcf0c583cd74b5be34de541f1aa39824f676510d36c733e8b851f
x86_64
pgaudit-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: 0bbd0a783d7399c0a70bace3f71bd9bc706d57cfbd5a92355253eac38ef71d64
pgaudit-debuginfo-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: 7ec70c2c12b53aa6aef901acc2c48655d7acc11b45db3a5a8728a4eff214a610
pgaudit-debugsource-1.4.0-6.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: efae4253c28d1d3774ef16406da959ed11d8dd45ba769426433fb7433cadee0c
postgres-decoderbufs-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: a6b90b09552fcc2cc7778ea384a195d97850282bbab941aa1d37fd4c314d94ac
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: a30fa22fccb754620843adaba31b89c77e7c757cba5fc3707804b51190dd02ef
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+11288+c193d6d7.x86_64.rpm SHA-256: 5def5e99e1ff1ae1444788ab565fcd9d0ba1b9bea1a1650c3302fdaca8585ec3
postgresql-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 53129d6a2d7a43e354be675a607baf8c80a7ee3220cbf586c117f3d51a647bc4
postgresql-contrib-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 62319bf0c48f74c1df87ebb6ddc69cc5cbce861d41f96822090350e8e9df4fa5
postgresql-contrib-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: b910bb0792d1d3ec37d88c96e4474a400c2e1a6f4fcb916495b70c7f2bf1a003
postgresql-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: f77ea3a79b442ad5b44c36816786b1b9b56efec4c748d7763729ac0b6fe7678f
postgresql-debugsource-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 7e3af9907a6c57b19f35ef36f20ebc7af49085c0ae32c9d7993dff582d76e8b7
postgresql-docs-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 4ec70f84a351ad995aa7ae0f6c02c5059b00601ee7c83860d439aa6a527f130c
postgresql-docs-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 5ce2658c55aac2cbaf5c656f20e7a49cc5667ba8315173af58ef9a501b5aef40
postgresql-plperl-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 78746a9dff34cc245b0e425e51c99795882144b3fd1fe28cf4955dadd1980e68
postgresql-plperl-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 482c4cddb042d9f86a6d9f917e0590d7db628cdcabc9cfb41ea0378cd34eb5a8
postgresql-plpython3-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 29b633c27233badf5c332b39d134c2712e1aef38fdec95decb2075ce65d71c95
postgresql-plpython3-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 9e1d4e8574496c2d2b73fa4d660f7fd5e8e5b96c70d3d09897c301159a7711ca
postgresql-pltcl-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: c6b2fe78c96c0d2b70f52f7c7339dc9f701540dd7b4d70b5e75186b8f3b024ef
postgresql-pltcl-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 32cb8227fa43bd364835d9a334b5ba4551f495df04ad96739bce5c9c7439212c
postgresql-server-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 849c649a5b0b83e0b8e30105b6ba3c253478d697015463d40b7a1fe227829c97
postgresql-server-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 6f0a4d7c525b90b5b138926823d8de0e7ae47ea9d03b1a0ba8d0dbb7df6fd228
postgresql-server-devel-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 4212deb1c15a5d9cc7d4954237d6f034102c708820e7533540da54ae2dfebfca
postgresql-server-devel-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: e2b14eddb4ea07edd65405a28262a2b3db8ec0285c36dfcb98bc607418a28bb5
postgresql-static-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: a6080a68bebbbe6883e4feef89ba760de494cf2622cc61a4fb9385e1d131ee92
postgresql-test-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: aeb99626e52bcf97ab610c7f486e8a46d7d7c35aa57e7839a0d49b50a09e7439
postgresql-test-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 2e87a351947378ae707a28e28ac590df12197de1b29102e51b07a1346589c059
postgresql-test-rpm-macros-12.22-1.module+el8.4.0+24442+74e4dc28.4.noarch.rpm SHA-256: 1967392d034668f89c5ea7085379bf1e11fedd4c1a03c577f4264a278633beed
postgresql-upgrade-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 9302760825c729b87bbc04cbe2df8715b8dc8b0f7454fded3a20ede82c0476b2
postgresql-upgrade-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: 793ecb67c4a1f58c5329606321e07987b1e5027d21531c3c306d5ec8352331d3
postgresql-upgrade-devel-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: d2fa0060b9f897b1a14d18e05d25b393e21ff4b415e6c40ee918cf3e69abd8ba
postgresql-upgrade-devel-debuginfo-12.22-1.module+el8.4.0+24442+74e4dc28.4.x86_64.rpm SHA-256: e39752bbe47d91cdc93d62d7c317f67ee8499887e173abffcbc6da21e77470b2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility