Description:
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers.
Security Fix(es):
* postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475)
* postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477)
* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)
* postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
libpq-13.23-2.el8_10.aarch64.rpm |
3c43ef8411285de93d34c99d3ada70ad5664c0f505f3e99f7abb69b219226e12 |
| aarch64 |
libpq-devel-13.23-2.el8_10.aarch64.rpm |
a12a549aa7c39b15dab2ad0a27d9226ce2bd319fa01a6d5e1a54227a25dcb90a |
| i686 |
libpq-devel-13.23-2.el8_10.i686.rpm |
0412168c762ffdce2769d14cd3a096be4f8463abd40fd79aa3c4fcb2b3f9f97d |
| i686 |
libpq-13.23-2.el8_10.i686.rpm |
beb3822fb552ad58d34d9d444c4c57f738754765e7eaa0b1c443a116b82b0643 |
| ppc64le |
libpq-devel-13.23-2.el8_10.ppc64le.rpm |
46466b775a48091457dbd41cf4f2c8681882b0ab4dcb6eeaeca24c5a04dbb1a2 |
| ppc64le |
libpq-13.23-2.el8_10.ppc64le.rpm |
8b073cecd7f78b6ef3ea5e0ed23a2b4ddbb6bd0bfef6ec744f2a6c4dbf6ad09d |
| s390x |
libpq-13.23-2.el8_10.s390x.rpm |
a67222d436d0d42722dbd36a1fbabb9e163fa961393347c73d2c1554008cc8f5 |
| s390x |
libpq-devel-13.23-2.el8_10.s390x.rpm |
fc9c946f4c268d4543ecfaef9a267219210068a36a0f4f421eccf0de1ba7d98e |
| x86_64 |
libpq-13.23-2.el8_10.x86_64.rpm |
6fef4c26a99852e6822afaf43bb0398a0456a919f198e991b05b5268853ec0be |
| x86_64 |
libpq-devel-13.23-2.el8_10.x86_64.rpm |
8b3cf31b13505048d6e1343ff8be908af795d66409ef04d1e67dadd037ceb1f6 |
