Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

postgresql:15 security update

An update is available for postgres-decoderbufs, module.postgres-decoderbufs, postgresql, module.pgaudit, module.pgrepack, pgaudit, pgrepack, module.postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

ALSA-2026:27738 Important: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq: Buffer...

ALSA-2026:27741 Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite...

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

postgresql:16 security update

An update is available for module.pgvector, postgres-decoderbufs, module.postgres-decoderbufs, pgvector, postgresql, module.pgaudit, module.pgrepack, pgaudit, pgrepack, module.postgis, module.postgresql, postgis. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Bouncy Castle bcprov-jdk (CVE-2025-14813, CVE-2026-5598)

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2025-14813, CVE-2026-5598 reported for bcprov-jdk18on-1.81.jar. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JA...

CLSA-2026-1779389543 Fix of 6 CVEs

SECURITY UPDATE: integer wraparound on 32-bit systems in palloc callers - debian/patches/CVE-2026-6473.patch: integer wraparound on 32-bit systems in palloc callers - CVE-2026-6473 SECURITY UPDATE: format-string memory disclosure in timeofday via crafted timezones -...

Updated postgresql15 packages fix security vulnerabilities

PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. CVE-2026-6472 PostgreSQL server undersizes allocations, via integer wraparound. CVE-2026-6473 PostgreSQL timeofday can disclose portions of server memory. CVE-2026-6474 PostgreSQL pgbasebackup and pgrewind can overwrite...

Covert Timing Channel

Overview Affected versions of this package are vulnerable to Covert Timing Channel via the authentication process. An attacker can recover user credentials by exploiting timing differences during MD5-hashed password comparison. This is only exploitable if the database contains MD5-hashed password...

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

CVE-2026-6478

CVE-2026-6478 describes a covert timing channel in PostgreSQL authentication that leverages the comparison of MD5-hashed passwords to recover credentials sufficient to authenticate. The issue affects MD5-hashed password usage (not affecting scram-sha-256 by default) and is pertinent to environmen...

CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...