Issued:: 2026-03-12
Updated:: 2026-03-12

RHSA-2026:4506 - Security Advisory

Overview
Updated Packages

Synopsis

Important: postgresql:12 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2439324 - CVE-2026-2006 postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
BZ - 2439325 - CVE-2026-2004 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
BZ - 2439326 - CVE-2026-2005 postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
pgaudit-1.4.0-4.module+el8.2.0+9043+1dbb5661.src.rpm	SHA-256: cb53d724b1c790506a0aeb526b111e98598ed30694a60625ee208206d9313df5
postgres-decoderbufs-0.10.0-2.module+el8.2.0+9043+1dbb5661.src.rpm	SHA-256: 485033866826ed00817c2832b52a46db7a2ab6f6657306baeff7425951367efe
postgresql-12.22-1.module+el8.2.0+24074+a7f2beb9.3.src.rpm	SHA-256: 776805a64dd5b3f3816dab9bd76cbd9ec7cbfe4429d7a32584301d5e103858f4
x86_64
pgaudit-1.4.0-4.module+el8.2.0+9043+1dbb5661.x86_64.rpm	SHA-256: d1e3d38cf894f0624333426a61bed18d7d09d1c81ef2faae6c8b2f02ef4733fc
pgaudit-debuginfo-1.4.0-4.module+el8.2.0+9043+1dbb5661.x86_64.rpm	SHA-256: cea60fc95bea0fd86ce7207784b4d6d2f6fc139b69ebd8400bfbd57ebee481fa
pgaudit-debugsource-1.4.0-4.module+el8.2.0+9043+1dbb5661.x86_64.rpm	SHA-256: e316b5008809a187937f0e10c79cd21bfa529f106fcada033a19eae06df5a7af
postgres-decoderbufs-0.10.0-2.module+el8.2.0+9043+1dbb5661.x86_64.rpm	SHA-256: d2e286ce5fcf5edfcaaead72dd0127ee4487377cb9a98f7715d3f65ad179eeab
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.2.0+9043+1dbb5661.x86_64.rpm	SHA-256: dd4174ee05407d89a764a775f77fad25857a0cdce92fce2690981f18cfdf872d
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.2.0+9043+1dbb5661.x86_64.rpm	SHA-256: 3fb85fe9b48dfc1f933a9922100cddf4b4742d6149f86c1330fab73a7c8df9ee
postgresql-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 234930d3de860fd9edb2bf5239d5bd6c648cf369f6967777d3cf9a00743337d2
postgresql-contrib-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: fed592801917d207e70800e6b6d0180e8395f91561cf119f0c73c7f92cf06e63
postgresql-contrib-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 730fc69241274a3463d1f98e5c9cb5a2980d4418bdb807b4b4806a0afd51ead4
postgresql-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 3a3870d09a71f5fce1e77a79790d731da8c9b3fdca797075eec2e6acc21053e2
postgresql-debugsource-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: f8ee0ee1cde624060927c010201d7d955b44879ea70d5c0ae66270ac50a2df70
postgresql-docs-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: c952b26acac8863fb2736fd9a95472696840ab36e3744d2bdbbc733e1c1479c2
postgresql-docs-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 964144a6b6a5933d5e69036cf72ca9f52ad7de46494d61072d8a891ae66e9f86
postgresql-plperl-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 32183dc746b664a86e8fd7eae63189bcf5f9206c888379cb6ede4430ee16d9d7
postgresql-plperl-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 0846ad43fd5879dc8fcbafd82c6c78e3df373c3bc4d82fedc7b89e4342ba4d69
postgresql-plpython3-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 6294f94def2424b3774efed03e8e286fde324e552ccd3868da1fcef7b9a00c73
postgresql-plpython3-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: b2eb9d22e3e08a73c3ff02311b1a7c02d88ee0b1bf727a2f80add174bcf25286
postgresql-pltcl-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 7faa628c90c1bbfff891adcf96f075e2cc95247db2e50eaa20fe3b128dde4a66
postgresql-pltcl-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: da88661bb1a38a5494dcbaf2fb29c01a83b63824daf47069fc7c93f0e2485bc5
postgresql-server-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 5b113d093a27393ce2cc994fcf1f0d06abee6b62e1b9ab29db2eeb7ea486daef
postgresql-server-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 831b6380cf40d82b8b86efe589b169126aa6d63a0472687b8fd6c90a50780381
postgresql-server-devel-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 717a59738569ec6d76b2abee7a1786ea33b11c3d043636b2730dc67b26a8043d
postgresql-server-devel-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: d8726219ac499be1cce5b246427ae269339eb85badd9c53c4380fcdd27cbc4fa
postgresql-static-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 45e91425c4ed1e40e7f30adcfec36f5f73f1efff704cbd37e8ed9e38810dc2bd
postgresql-test-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 73eb047e831977049d9c7bdc54df8f88e267d5d0e998595393c9f9cd326c8f36
postgresql-test-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: ae1f409e7362a8fc87e685c0cc7eaefe7eeac937d7bd8590be8ca2d22cb623c4
postgresql-test-rpm-macros-12.22-1.module+el8.2.0+24074+a7f2beb9.3.noarch.rpm	SHA-256: 8eb6224aee3b7103f6bf882cb3b632cc850e458815e562062fcfa48c9c165254
postgresql-upgrade-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 584c81729f6b07517701da45a778eeff405f1fb3aebbb491fb0eb59493f6fbac
postgresql-upgrade-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 7b0d4d78ae587a3b27f865ead4b48fdbe5c20b9845758303a3b73280a2137a48
postgresql-upgrade-devel-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 261a7981eb7128c4d38fa866feacd879c4d1f315b1c5da2629448eda052ef1aa
postgresql-upgrade-devel-debuginfo-12.22-1.module+el8.2.0+24074+a7f2beb9.3.x86_64.rpm	SHA-256: 7f19b4f6b32acd16c9edd1d78a591078be44f5cf73c6a0cf62d730d56e94ecc6

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation