This Red Hat security advisory (RHSA-2026:21182) announces an update to Red Hat Hardened Images RPMs, including multiple postgresql17 packages updated to version 17.10-0.1.hum1 for aarch64 and x86_64 architectures. The update addresses four CVEs (CVE-2026-6475, CVE-2026-6477, CVE-2026-6478, CVE-2026-6575) involving vulnerabilities related to improper file handling, buffer overflows, privilege issues, and memory safety (CWE-59, CWE-120, CWE-385, CWE-805). The advisory provides links to the updated packages and references but does not detail specific exploit techniques or impacts. No known exploits have been reported in the wild. The update is classified as a security advisory with high severity, indicating significant potential impact if unpatched.

The vulnerabilities addressed involve critical security weaknesses such as improper file handling, buffer overflows, privilege escalation, and memory safety issues in the postgresql17 packages within Red Hat Hardened Images. These could potentially allow attackers to execute arbitrary code, escalate privileges, or cause denial of service if exploited. However, no known exploits in the wild have been reported at this time.

Red Hat has released updated postgresql17 RPM packages version 17.10-0.1.hum1 that include fixes for the identified vulnerabilities. Users of Red Hat Hardened Images should apply these updates promptly to mitigate the security risks. Detailed instructions and updated packages are available via the Red Hat advisory links. Patch status is confirmed by the availability of these updated RPMs.