Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:35880 - Security Advisory
Issued:
2026-07-06
Updated:
2026-07-06

RHSA-2026:35880 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: libpq security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libpq is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers.

Security Fix(es):

  • postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475)
  • postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477)
  • postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)
  • postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.8 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2477439 - CVE-2026-6475 postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
  • BZ - 2477442 - CVE-2026-6477 postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory
  • BZ - 2477447 - CVE-2026-6478 postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
  • BZ - 2477448 - CVE-2026-6473 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

CVEs

  • CVE-2026-6473
  • CVE-2026-6475
  • CVE-2026-6477
  • CVE-2026-6478

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle Long Life 8.8

SRPM
libpq-13.23-1.el8_8.1.src.rpm SHA-256: 55288189ab3fd308aa8550202b3f0c75feb322f1973008e606a44dd944c8cad1
x86_64
libpq-13.23-1.el8_8.1.i686.rpm SHA-256: b4f8a1e807060d99f9df324570823a48ad42bdac9833e85796e6fb3b18b3a0e0
libpq-13.23-1.el8_8.1.x86_64.rpm SHA-256: b5af21453e4343969b59ac0d89c17e0a2453df6f775a2a7815ac53ff0c20c2ee
libpq-debuginfo-13.23-1.el8_8.1.i686.rpm SHA-256: 2163e116df831d407d6a0b6665ea450bedfbf77c3f6eca9f2a4a21d332362cee
libpq-debuginfo-13.23-1.el8_8.1.x86_64.rpm SHA-256: fd2cf6831c1d01e2e16f09098652a37ca88338ac5476027318d738f073aa4704
libpq-debugsource-13.23-1.el8_8.1.i686.rpm SHA-256: 5940f60dc7c0dd39a799ea9b30c46af1183d72d509d2821d6db9595947a93401
libpq-debugsource-13.23-1.el8_8.1.x86_64.rpm SHA-256: 04198e82e3d308b6cffca408a894ff7e25ac40c92742f9f446808d2315eb0b00
libpq-devel-13.23-1.el8_8.1.i686.rpm SHA-256: e2eeaf0ef5eaa43a884d0032ea21c3b7a87b18c48865582e6402b6c6dc61aa4e
libpq-devel-13.23-1.el8_8.1.x86_64.rpm SHA-256: 5b27ea262a39663392a09b2136bda4250adf6a6a0270d5b65072e202f34a1d30
libpq-devel-debuginfo-13.23-1.el8_8.1.i686.rpm SHA-256: 0e130d579747246ceccf30e28be838029b8441ae64a20edbb44ba79fd9e6c8b6
libpq-devel-debuginfo-13.23-1.el8_8.1.x86_64.rpm SHA-256: 2022df56ca74f3001d2002ab1b08468c3d5592482b0cbe33d4a4e24c74818b2f

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
libpq-13.23-1.el8_8.1.src.rpm SHA-256: 55288189ab3fd308aa8550202b3f0c75feb322f1973008e606a44dd944c8cad1
x86_64
libpq-13.23-1.el8_8.1.i686.rpm SHA-256: b4f8a1e807060d99f9df324570823a48ad42bdac9833e85796e6fb3b18b3a0e0
libpq-13.23-1.el8_8.1.x86_64.rpm SHA-256: b5af21453e4343969b59ac0d89c17e0a2453df6f775a2a7815ac53ff0c20c2ee
libpq-debuginfo-13.23-1.el8_8.1.i686.rpm SHA-256: 2163e116df831d407d6a0b6665ea450bedfbf77c3f6eca9f2a4a21d332362cee
libpq-debuginfo-13.23-1.el8_8.1.x86_64.rpm SHA-256: fd2cf6831c1d01e2e16f09098652a37ca88338ac5476027318d738f073aa4704
libpq-debugsource-13.23-1.el8_8.1.i686.rpm SHA-256: 5940f60dc7c0dd39a799ea9b30c46af1183d72d509d2821d6db9595947a93401
libpq-debugsource-13.23-1.el8_8.1.x86_64.rpm SHA-256: 04198e82e3d308b6cffca408a894ff7e25ac40c92742f9f446808d2315eb0b00
libpq-devel-13.23-1.el8_8.1.i686.rpm SHA-256: e2eeaf0ef5eaa43a884d0032ea21c3b7a87b18c48865582e6402b6c6dc61aa4e
libpq-devel-13.23-1.el8_8.1.x86_64.rpm SHA-256: 5b27ea262a39663392a09b2136bda4250adf6a6a0270d5b65072e202f34a1d30
libpq-devel-debuginfo-13.23-1.el8_8.1.i686.rpm SHA-256: 0e130d579747246ceccf30e28be838029b8441ae64a20edbb44ba79fd9e6c8b6
libpq-devel-debuginfo-13.23-1.el8_8.1.x86_64.rpm SHA-256: 2022df56ca74f3001d2002ab1b08468c3d5592482b0cbe33d4a4e24c74818b2f

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
libpq-13.23-1.el8_8.1.src.rpm SHA-256: 55288189ab3fd308aa8550202b3f0c75feb322f1973008e606a44dd944c8cad1
ppc64le
libpq-13.23-1.el8_8.1.ppc64le.rpm SHA-256: 1c2894d6703936bf75649da030875328bba23aa24f19abbeb12dc682758cb025
libpq-debuginfo-13.23-1.el8_8.1.ppc64le.rpm SHA-256: 0d15a0cdca39b0d444da5af7f84f47e7aa5a9168704b21a6aa3b1e7c2ffacc5d
libpq-debugsource-13.23-1.el8_8.1.ppc64le.rpm SHA-256: e70e2a0ae72f351102cf6021af4ff4b0d8bbb29fcd99ef533f9c812e26fefb52
libpq-devel-13.23-1.el8_8.1.ppc64le.rpm SHA-256: 359d5fa7a077a4a890243288d67a6c02bfe998287062ffe382a9155bfb7b155e
libpq-devel-debuginfo-13.23-1.el8_8.1.ppc64le.rpm SHA-256: b87ceae973c99c1378632a6119398c022270eba194efa5369f11447df9e0c4d6

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
libpq-13.23-1.el8_8.1.src.rpm SHA-256: 55288189ab3fd308aa8550202b3f0c75feb322f1973008e606a44dd944c8cad1
x86_64
libpq-13.23-1.el8_8.1.i686.rpm SHA-256: b4f8a1e807060d99f9df324570823a48ad42bdac9833e85796e6fb3b18b3a0e0
libpq-13.23-1.el8_8.1.x86_64.rpm SHA-256: b5af21453e4343969b59ac0d89c17e0a2453df6f775a2a7815ac53ff0c20c2ee
libpq-debuginfo-13.23-1.el8_8.1.i686.rpm SHA-256: 2163e116df831d407d6a0b6665ea450bedfbf77c3f6eca9f2a4a21d332362cee
libpq-debuginfo-13.23-1.el8_8.1.x86_64.rpm SHA-256: fd2cf6831c1d01e2e16f09098652a37ca88338ac5476027318d738f073aa4704
libpq-debugsource-13.23-1.el8_8.1.i686.rpm SHA-256: 5940f60dc7c0dd39a799ea9b30c46af1183d72d509d2821d6db9595947a93401
libpq-debugsource-13.23-1.el8_8.1.x86_64.rpm SHA-256: 04198e82e3d308b6cffca408a894ff7e25ac40c92742f9f446808d2315eb0b00
libpq-devel-13.23-1.el8_8.1.i686.rpm SHA-256: e2eeaf0ef5eaa43a884d0032ea21c3b7a87b18c48865582e6402b6c6dc61aa4e
libpq-devel-13.23-1.el8_8.1.x86_64.rpm SHA-256: 5b27ea262a39663392a09b2136bda4250adf6a6a0270d5b65072e202f34a1d30
libpq-devel-debuginfo-13.23-1.el8_8.1.i686.rpm SHA-256: 0e130d579747246ceccf30e28be838029b8441ae64a20edbb44ba79fd9e6c8b6
libpq-devel-debuginfo-13.23-1.el8_8.1.x86_64.rpm SHA-256: 2022df56ca74f3001d2002ab1b08468c3d5592482b0cbe33d4a4e24c74818b2f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility