Monday, February 16, 2026

Re: Update: PostgreSQL 18.2

On 02/12 05:54, Jeremy Evans wrote:
> This updates to the latest release of PostgreSQL. In addition to the
> usual bug fixes, there are some security fixes:
>
> CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory
>
> CVE-2026-2004: PostgreSQL intarray missing validation of type of input
> to selectivity estimator executes arbitrary code
>
> CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes
> arbitrary code
>
> CVE-2026-2006: PostgreSQL missing validation of multibyte character
> length executes arbitrary code
>
> CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern
> onto server memory
>
> Tested locally on amd64. OKs?

PostgreSQL announced an out-of-band release for next week to fix some
regressions in 18.2. So instead of upgrading to 18.2, we can wait for
18.3. For more details:
https://www.postgresql.org/about/news/out-of-cycle-release-scheduled-for-february-26-2026-3241/

Best,
Jeremy
