OESA-2026-2479 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice

...

FreeBSD : PostgreSQL -- Multiple vulnerabilities (7185ecc9-4fb7-11f1-bc50-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7185ecc9-4fb7-11f1-bc50-6cc21735f730 advisory. The PostgreSQL project reports: Missing authorization in PostgreSQL CREATE TYPE allows an obje...

CVE-2026-6475

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

CVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

Security update for postgresql95 (important)

This update for postgresql95 fixes the following issues: Upate to PostgreSQL 9.5.11: Security issues fixed: https://www.postgresql.org/docs/9.5/static/release-9-5-11.html CVE-2018-1053, boo1077983: Ensure that all temporary files made by pgupgrade are non-world-readable. boo1079757: Rename...