-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 May 2026 12:51:10 +0200
Source: postgresql-15
Binary: libecpg-compat3 libecpg-compat3-dbgsym libecpg-dev libecpg-dev-dbgsym libecpg6 libecpg6-dbgsym libpgtypes3 libpgtypes3-dbgsym libpq-dev libpq5 libpq5-dbgsym postgresql-15 postgresql-15-dbgsym postgresql-client-15 postgresql-client-15-dbgsym postgresql-plperl-15 postgresql-plperl-15-dbgsym postgresql-plpython3-15 postgresql-plpython3-15-dbgsym postgresql-pltcl-15 postgresql-pltcl-15-dbgsym postgresql-server-dev-15
Architecture: i386
Version: 15.18-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02)
Changed-By: Christoph Berg
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6   - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 15
 libpq-dev  - header files for libpq5 (PostgreSQL library)
 libpq5     - PostgreSQL C client library
 postgresql-15 - The World's Most Advanced Open Source Relational Database
 postgresql-client-15 - front-end programs for PostgreSQL 15
 postgresql-plperl-15 - PL/Perl procedural language for PostgreSQL 15
 postgresql-plpython3-15 - PL/Python 3 procedural language for PostgreSQL 15
 postgresql-pltcl-15 - PL/Tcl procedural language for PostgreSQL 15
 postgresql-server-dev-15 - development files for PostgreSQL 15 server-side programming
Changes:
 postgresql-15 (15.18-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 15.18.
 .
     + Prevent unbounded recursion while processing startup packets
       (Michael Paquier)
 .
       A malicious client could crash the connected backend by alternating
       rejected SSL and GSS encryption requests indefinitely.
 .
       The PostgreSQL Project thanks Calif.io (in collaboration with Claude
       and Anthropic Research) for reporting this problem. (CVE-2026-6479)
 .
     + Fix assorted integer overflows in memory-allocation calculations
       (Tom Lane, Nathan Bossart, Heikki Linnakangas)
 .
       Various places were incautious about the possibility of integer
       overflow in calculations of how much memory to allocate. Overflow
       would lead to allocating a too-small buffer which the caller would
       then write past the end of. This would at least trigger server
       crashes, and probably could be exploited for arbitrary code
       execution. In many but by no means all cases, the hazard exists
       only in 32-bit builds.
 .
       The PostgreSQL Project thanks Xint Code, Bruce Dang, Sven Klemm, and
       Pavel Kohout for reporting these problems. (CVE-2026-6473)
 .
     + Reject over-length options in ts_headline() (Michael Paquier)
 .
       The StartSel, StopSel and FragmentDelimiter strings must not exceed
       32Kb in length, but this was not checked for. An over-length value
       would typically crash the server.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against malicious time zone names in timeofday() and
       pg_strftime() (Tom Lane)
 .
       A crafted time zone setting could pass % sequences to snprintf(),
       potentially causing crashes or disclosure of server memory. Another
       path to similar results was to overflow the limited-size output
       buffer used by pg_strftime().
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6474)
 .
     + When creating a multirange type, ensure the user has CREATE
       privilege on the schema specified for the multirange type
       (Jelte Fennema-Nio)
 .
       The multirange type can be put into a different schema than its
       parent range type, but we neglected to apply the required privilege
       check when doing so.
 .
       The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this
       problem. (CVE-2026-6472)
 .
     + Use timing-safe string comparisons in authentication code
       (Michael Paquier)
 .
       Use timingsafe_bcmp() instead of memcmp() or strcmp() when checking
       passwords, hashes, etc.
       It is not known whether the data dependency of those functions is
       usefully exploitable in any of these places, but in the interests
       of safety, replace them.
 .
       The PostgreSQL Project thanks Joe Conway for reporting this problem.
       (CVE-2026-6478)
 .
     + Mark PQfn() as unsafe, and avoid using it within libpq
       (Nathan Bossart)
 .
       For a non-integral result type, PQfn() is not passed the size of the
       output buffer, so it cannot check that the data returned by the
       server will fit. A malicious server could therefore overwrite client
       memory. This is unfixable without an API change, so mark the
       function as deprecated. Internally to libpq, use a variant version
       that can apply the missing check.
 .
       The PostgreSQL Project thanks Yu Kunpeng and Martin Heistermann for
       reporting this problem. (CVE-2026-6477)
 .
     + Prevent path traversal in pg_basebackup and pg_rewind
       (Michael Paquier)
 .
       These applications failed to validate output file paths read from
       their input, so that a malicious source could overwrite any file
       writable by these applications. Constrain where data can be written
       by rejecting paths that are absolute or contain parent-directory
       references.
 .
       The PostgreSQL Project thanks XlabAI Team of Tencent Xuanwu Lab and
       Valery Gubanov for reporting this problem. (CVE-2026-6475)
 .
     + Guard against field overflow within contrib/intarray's query_int
       type and contrib/ltree's ltxtquery type (Tom Lane)
 .
       Parsing of these query structures did not check for overflow of
       16-bit fields, so that construction of an invalid query tree was
       possible. This can crash the server when executing the query.
 .
       The PostgreSQL Project thanks Xint Code for reporting this problem.
       (CVE-2026-6473)
 .
     + Guard against overly long values of contrib/ltree's lquery type
       (Michael Paquier)
 .
       Values with more than 64K items caused internal overflows,
       potentially resulting in stack smashes or wrong answers.
 .
       The PostgreSQL Project thanks Vergissmeinnicht, A1ex, and Jihe Wang
       for reporting this problem. (CVE-2026-6473)
 .
     + Prevent SQL injection and buffer overruns in contrib/spi
       (Nathan Bossart)
 .
       check_foreign_key() was insufficiently careful about quoting key
       values, and also used fixed-length buffers for constructing queries.
       While this module is only meant as example code, it still shouldn't
       contain such dangerous errors.
 .
       The PostgreSQL Project thanks Nikolay Samokhvalov for reporting this
       problem. (CVE-2026-6637)
Checksums-Sha1:
Checksums-Sha256:
Files: