Red Hat Product Errata RHSA-2026:19009 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19009 - Security Advisory Overview Updated Packages Synopsis Important: postgresql18 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for postgresql18 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. Security Fix(es): postgresql: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory (CVE-2026-2007) postgresql: PostgreSQL oidvector discloses a few bytes of memory (CVE-2026-2003) postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006) postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004) postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2439320 - CVE-2026-2007 postgresql: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory BZ - 2439322 - CVE-2026-2003 postgresql: PostgreSQL oidvector discloses a few bytes of memory BZ - 2439324 - CVE-2026-2006 postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code BZ - 2439325 - CVE-2026-2004 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code BZ - 2439326 - CVE-2026-2005 postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code CVEs CVE-2026-2003 CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 CVE-2026-2007 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM postgresql18-18.3-1.el10_2.src.rpm SHA-256: 3a947189cceda20d346a6fb7e61677aa392a49b8f26e43dc40ac246a522b70d5 x86_64 postgresql18-18.3-1.el10_2.x86_64.rpm SHA-256: cff643723097a3d8b267b23eba465e841c066f68d4eb6b5bbf2cf2a367613ee6 postgresql18-contrib-18.3-1.el10_2.x86_64.rpm SHA-256: a2653c747c4b3f180235f4c446e240de0e933418bb3cdf6be6d178b3e80bf03d postgresql18-contrib-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 90411b1f87246f5be5fe426f249bba62ccdd37749192424123fd9f49f3ef80c3 postgresql18-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 4fdcd85fad6f6b9017d9af3381c6c534501459272c4f3b02d94123cc7a8bdd8f postgresql18-debugsource-18.3-1.el10_2.x86_64.rpm SHA-256: 74311ad015bf01219fd9fb6051f11d6bb9e4bcefe0325da3306f8b5888f91327 postgresql18-docs-18.3-1.el10_2.x86_64.rpm SHA-256: f0ab3aeee7cbfe9a9f07d72924e852e52f97931a2cea9dd729246fa5aa961de0 postgresql18-docs-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: c7570f945db34e42d5e76ba201d50b1c5a06c31aff43642462bb3218cb1eea30 postgresql18-plperl-18.3-1.el10_2.x86_64.rpm SHA-256: 9efd28ff9deb640bd92c061925146045e3e5c0f84fe0e9be89cbb0a549292183 postgresql18-plperl-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 04014ba8721a91bdf21982c8249fb145d975fda365afd5bf4697e387d6c91ba2 postgresql18-plpython3-18.3-1.el10_2.x86_64.rpm SHA-256: fa022a41dc21201472da73096d15a426a10f2037a22691505dbc20f0606afe55 postgresql18-plpython3-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 222d9410282fda7432ff525c720fe99d489f996e03f5e09a0a3dfd1475559b52 postgresql18-pltcl-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 742563edf37262ea8a72d296d8ebeb14d00ecd20bc655b2e6a905aedb4cc87fc postgresql18-private-devel-18.3-1.el10_2.x86_64.rpm SHA-256: 4795804927341c2280e1898908954966cacc0144ba52a1d1130c087441487134 postgresql18-private-libs-18.3-1.el10_2.x86_64.rpm SHA-256: 0285c74937ed33a0990ee8aa5cfedf65d88fd9d694e3eda90e1ab46b5cfa6044 postgresql18-private-libs-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: a84c51340dabebf39d46648aab1ca997e8c5fda5f66313039b4565d5b9e9a692 postgresql18-server-18.3-1.el10_2.x86_64.rpm SHA-256: cfc2f2fd4967be0b902c06f6722b5b620da0936306fc1ddaec551d8c80df59c8 postgresql18-server-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 2ee26fc9dfb3a06aa2c9d5606f1d916779378dbebeac7df5ce1cdb1d207ec7e8 postgresql18-server-devel-18.3-1.el10_2.x86_64.rpm SHA-256: 872063873ab4700f15a98b5461f5835243e3bddc3cd3cef2a9b22c81f8692d36 postgresql18-server-devel-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 3fbe18f849692837917b08857a83b2f609a04c394f550a5d25c16ee0ba7beaa5 postgresql18-static-18.3-1.el10_2.x86_64.rpm SHA-256: d359b0aef3fbfccbd7dc59793487635b7094a38922de15ecdf63f827124c57b3 postgresql18-test-18.3-1.el10_2.x86_64.rpm SHA-256: 9ffde1a33dc6c15b6dfa8aa03b3927700ddc2dc3e93adf32a0d687c9563a4541 postgresql18-test-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: f8818a43dec78a57d4e15be64b70f884a82fef2dfb432ade9d3d2bac3ab1acbc postgresql18-upgrade-18.3-1.el10_2.x86_64.rpm SHA-256: d3856a84ffc2ddd5362dde9725fcb3138b714525a9403717ca8ea3e9eebc47f7 postgresql18-upgrade-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: d64f9224febf862f3d71f15cb22b9263be4605996ae1b60168789cb13d5555f9 postgresql18-upgrade-devel-18.3-1.el10_2.x86_64.rpm SHA-256: 0d56aae57ff024b40d40fb984a4295c8cd31a677394559932643d93ed68e035f postgresql18-upgrade-devel-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: ccfa050b1d5276206352e5685983bf5901775b189ed3da87cdc367ee5d3dd8ea Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM postgresql18-18.3-1.el10_2.src.rpm SHA-256: 3a947189cceda20d346a6fb7e61677aa392a49b8f26e43dc40ac246a522b70d5 x86_64 postgresql18-18.3-1.el10_2.x86_64.rpm SHA-256: cff643723097a3d8b267b23eba465e841c066f68d4eb6b5bbf2cf2a367613ee6 postgresql18-contrib-18.3-1.el10_2.x86_64.rpm SHA-256: a2653c747c4b3f180235f4c446e240de0e933418bb3cdf6be6d178b3e80bf03d postgresql18-contrib-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 90411b1f87246f5be5fe426f249bba62ccdd37749192424123fd9f49f3ef80c3 postgresql18-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 4fdcd85fad6f6b9017d9af3381c6c534501459272c4f3b02d94123cc7a8bdd8f postgresql18-debugsource-18.3-1.el10_2.x86_64.rpm SHA-256: 74311ad015bf01219fd9fb6051f11d6bb9e4bcefe0325da3306f8b5888f91327 postgresql18-docs-18.3-1.el10_2.x86_64.rpm SHA-256: f0ab3aeee7cbfe9a9f07d72924e852e52f97931a2cea9dd729246fa5aa961de0 postgresql18-docs-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: c7570f945db34e42d5e76ba201d50b1c5a06c31aff43642462bb3218cb1eea30 postgresql18-plperl-18.3-1.el10_2.x86_64.rpm SHA-256: 9efd28ff9deb640bd92c061925146045e3e5c0f84fe0e9be89cbb0a549292183 postgresql18-plperl-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 04014ba8721a91bdf21982c8249fb145d975fda365afd5bf4697e387d6c91ba2 postgresql18-plpython3-18.3-1.el10_2.x86_64.rpm SHA-256: fa022a41dc21201472da73096d15a426a10f2037a22691505dbc20f0606afe55 postgresql18-plpython3-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 222d9410282fda7432ff525c720fe99d489f996e03f5e09a0a3dfd1475559b52 postgresql18-pltcl-debuginfo-18.3-1.el10_2.x86_64.rpm SHA-256: 742563edf37262ea8a72d296d8ebeb14d00ecd20bc655b2e6a905aedb4cc87fc postgresql18-private-devel-18.3-1.el10_2.x86_64.rpm SHA-256: 4795804927341c2280e1898908954966cacc0144ba52a1d1130c087441487134 postgresql18-private-libs-18.3-1.el10_2.x86_64.rpm SHA-256: 0285c74937ed33a0990ee8aa5cfedf65d88fd9d694e3eda90e1ab46b5cfa6044 p