BIT-POSTGRESQL-2026-6476 PostgreSQL pg_createsubscriber allows SQL injection via subscription name

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

BIT-POSTGRESQL-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

BIT-POSTGRESQL-2026-6474 PostgreSQL timeofday() can disclose portions of server memory

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

BIT-POSTGRESQL-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

BIT-POSTGRESQL-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

[SECURITY] Fedora 42 Update: pgbouncer-1.25.2-1.fc42

pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent for low-level socket handling...

[SECURITY] Fedora 42 Update: coturn-4.11.0-1.fc42

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

[SECURITY] Fedora 43 Update: pgbouncer-1.25.2-1.fc43

pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent for low-level socket handling...

[SECURITY] Fedora 44 Update: pgbouncer-1.25.2-1.fc44

pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent for low-level socket handling...

OPENSUSE-SU-2026:10808-1 postgresql16-16.14-1.1 on GA media

These are all security issues fixed in the postgresql16-16.14-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10807-1 postgresql15-15.18-1.1 on GA media

These are all security issues fixed in the postgresql15-15.18-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10809-1 postgresql17-17.10-1.1 on GA media

These are all security issues fixed in the postgresql17-17.10-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10806-1 postgresql14-14.23-1.1 on GA media

These are all security issues fixed in the postgresql14-14.23-1.1 package on the GA media of openSUSE Tumbleweed...

PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

...

PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

...

PostgreSQL refint allows stack buffer overflow and SQL injection

...

PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege

...

PostgreSQL timeofday() can disclose portions of server memory

...

PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice

...

PostgreSQL REFRESH PUBLICATION allows SQL injection via table name

...