Multiple vulnerabilities in PostgreSQL 15, including CVE-2026-6473 (CVSS 8.8 HIGH), may lead to authorization bypass, arbitrary code execution, information disclosure, privilege escalation, SQL injection, or denial of service. For Debian 12 (Bookworm), these issues are fixed in postgresql-15 version 15.18-0+deb12u1. Administrators should prioritize upgrading affected packages to this version.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6269-1] postgresql-15 security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6269-1] postgresql-15 security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Thu, 14 May 2026 14:25:48 +0000 Message-id: <[🔎] agXbbOWONHmECTYv@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6269-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : postgresql-15 CVE ID : CVE-2026-6472 CVE-2026-6473 CVE-2026-6474 CVE-2026-6475 CVE-2026-6477 CVE-2026-6478 CVE-2026-6479 CVE-2026-6637 Multiple security issues were discovered in PostgreSQL, which may result in authorisation bypass, execution of arbitrary code, information disclosure, privilege escalation, SQL injection or denial of service. For the oldstable distribution (bookworm), these problems have been fixed in version 15.18-0+deb12u1. We recommend that you upgrade your postgresql-15 packages. For the detailed security status of postgresql-15 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/postgresql-15 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoF2pEACgkQEMKTtsN8 TjamQQ//W5wJVI3CwW/jYa9PgJgwkYVbA/nj/0wwjOjWTcp4HlVkfUFcyjnmDa38 +C9HXJYXC0Kq5RMFSrUVAYwfCuuG4qhU8geV72dzJWFJvRjTyOGNmGi5mV9Hoj8X xPwJppmwzXgrfrvX8LjuNtKehRldXGUXb9OPnWcbPt5U/lBWAzQTQxlvYZTmBBek rhFUFzBpZh1MEedyUOPTmVXQCrWr7BY+GwbLGoXPtwGjdWKmbkVbXWcavD0Xzf38 mX09zKnSR9pG0w4ttWKX67ruAcPrvzyGKxSfwLigza0Q0AOW9Nr3fG8rhDgeryIu 9VTgC6bDqCbkOZk85gKZOobW0YyRJMYlf5DrCu5PpnlzOAM4rKSB3Sh63K7x9P36 dqPExv+yrD11b15aU43oFTP1i56k/FtMeCAIWU2Oawo/GkoEzCTMMt0Nbe1PmVsL /DvGFKFFm3uGUmyKvUOJjvjSmYcziKUZs3p1AQNz8S/1jHHlqbNYRrolzkQAshC+ j/0uoQuAV3q9H3IDxd52zJ3P2pwz0IU36gxHS8WaSeB+u+QCPQFzK+uivsyJzZHq sV7u/RRAs4dxCJChIY4jfjcPUdu8tt8rktTo6jeP8/0HIXybBjo+8SydEk5AElbV X+/sLEWTWAGk32kQBaEUz11x7121TViyy9xFaBBQIBwqDcQB2hU= =89Il -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6268-1] ffmpeg security update Next by Date: [SECURITY] [DSA 6270-1] postgresql-17 security update Previous by thread: [SECURITY] [DSA 6268-1] ffmpeg security update Next by thread: [SECURITY] [DSA 6270-1] postgresql-17 security update Index(es): Date Thread