openSUSE-SU-2026:20447-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20447-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2026:20447-1
Published
2026-03-30T14:27:44Z
Modified
2026-04-03T17:24:48.145842Z
Summary
Security update for postgresql16
Details

This update for postgresql16 fixes the following issues:

  • Update to version 16.13. (bsc#1258754)
  • CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008)
  • CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009)
  • CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010)
  • CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011)
Affected packages

openSUSE:Leap 16.0 / postgresql16

Package

Name
postgresql16
Purl
pkg:rpm/opensuse/postgresql16&distro=openSUSE%20Leap%2016.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
16.13-160000.1.1

Ecosystem specific

{
    "binaries": [
        {
            "postgresql16-docs": "16.13-160000.1.1",
            "postgresql16-plperl": "16.13-160000.1.1",
            "postgresql16-llvmjit": "16.13-160000.1.1",
            "postgresql16-pltcl": "16.13-160000.1.1",
            "postgresql16-server-devel": "16.13-160000.1.1",
            "postgresql16-devel": "16.13-160000.1.1",
            "postgresql16-contrib": "16.13-160000.1.1",
            "postgresql16-llvmjit-devel": "16.13-160000.1.1",
            "postgresql16-server": "16.13-160000.1.1",
            "postgresql16-plpython": "16.13-160000.1.1",
            "postgresql16": "16.13-160000.1.1",
            "postgresql16-test": "16.13-160000.1.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20447-1.json"