- What: Security update for PostgreSQL 16
- Impact: Red Hat Enterprise Linux 10 systems using PostgreSQL 16

RHSA-2026:19010 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Important: postgresql16 security update

Type/Severity
Security Advisory: Important

Topic
An update for postgresql16 is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.

Security Fix(es):
- postgresql: PostgreSQL oidvector discloses a few bytes of memory (CVE-2026-2003)
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 10 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems 10 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
- Red Hat Enterprise Linux for Power, little endian 10 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
- Red Hat Enterprise Linux for ARM 64 10 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
- Red Hat CodeReady Linux Builder for x86_64 10 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
- Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
- Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
- Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes
- BZ - 2439322 - CVE-2026-2003 postgresql: PostgreSQL oidvector discloses a few bytes of memory
- BZ - 2439324 - CVE-2026-2006 postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
- BZ - 2439325 - CVE-2026-2004 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
- BZ - 2439326 - CVE-2026-2005 postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

CVEs
- CVE-2026-2003
- CVE-2026-2004
- CVE-2026-2005
- CVE-2026-2006

References
- https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 10
SRPM: postgresql16-16.13-1.el10_2.src.rpm