[CLSA-2026:1780993103] Fix CVE(s): CVE-2026-6474, CVE-2026-6478, CVE-2026-6637
Type:
security
Severity:
Low
Release date:
2026-06-09 08:18:43 UTC
Description:
* SECURITY UPDATE: Fix stack buffer overrun and SQL injection in refint contrib module - debian/patches/CVE-2026-6637.patch: Fix stack buffer overrun and SQL injection in refint contrib module, plus follow-up segfault fix in check_foreign_key() when a CASCADE update key value is NULL - CVE-2026-6637 * SECURITY UPDATE: Fix format-string memory disclosure via crafted time zone in timeofday() (also harden pg_strftime() error handling) - debian/patches/CVE-2026-6474.patch: Fix format-string memory disclosure via crafted time zone in timeofday() (also harden pg_strftime() error handling) - CVE-2026-6474 * SECURITY UPDATE: Use timingsafe_bcmp() in MD5 password and RADIUS authentication paths to prevent timing side-channel - debian/patches/CVE-2026-6478.patch: Use timingsafe_bcmp() in MD5 password and RADIUS authentication paths to prevent timing side-channel - CVE-2026-6478
CVEs fixed:
Updated packages:
  • libecpg-compat3-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:6c0bbd875f8ee9ae71af9d12a4939efcc60668ac
  • libecpg-dev-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:e27520b4a04e950eea3c80406499d5262cf7aa83
  • libecpg6-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:ccbb24b48fd09d0827fd8f63db555baf227ab01d
  • libpgtypes3-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:42542e4e9fbcaec1cde78a7caacec040601dda77
  • libpq-dev-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:642e65927fa5a8a95e55939e8f33e5e6cd8cc22b
  • libpq5-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:77badc5c8a6c0c75a42653b4a2204541b2ccb27d
  • postgresql-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:d5f6694198e9b9534eb4c3867944b605175333fb
  • postgresql-client-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:6ab16db245c402bbbfa9895e4b2fc76ae132e727
  • postgresql-contrib-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:856970b1854b4bdc1b519cd95c9589d249907902
  • postgresql-doc-9.6_9.6.24-0+deb10u1+tuxcare.els2_all.deb
    sha:f0c29a7a266ac002aa85749966badf8090bed382
  • postgresql-plperl-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:3f42da30d9744f1f4b28c0f2583bed0f38c32388
  • postgresql-plpython-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:96053611db63061e46542db20296d3ee4f86918f
  • postgresql-plpython3-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:1c0d7f0ed5e7fb38e984b9bd3511f0d7ce85767c
  • postgresql-pltcl-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:490a9eb6a35cfb23b1ea846d02ee3cb34e45222f
  • postgresql-server-dev-9.6_9.6.24-0+deb10u1+tuxcare.els2_amd64.deb
    sha:44c99c8c553ca79b5562c8ea112b7afb53caa05c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.