This Red Hat security advisory (RHSA-2026:22878) announces an update to Red Hat Hardened Images RPMs, specifically PostgreSQL 18 packages, to address multiple security vulnerabilities tracked under six CVEs. The update includes new versions of various PostgreSQL RPMs for aarch64 and x86_64 architectures. The advisory does not detail the nature of the vulnerabilities or the exact fixes but references multiple CWE categories including integer overflow (CWE-190), format string vulnerabilities (CWE-134), symbolic link attacks (CWE-59), buffer overflows (CWE-120), authorization issues (CWE-385), and out-of-bounds writes (CWE-805). No exploits are known in the wild, and no explicit patch links are provided beyond the updated RPM versions.

The vulnerabilities affect Red Hat Hardened Images RPMs, particularly PostgreSQL 18 packages, potentially allowing issues such as memory corruption, authorization bypass, or other security flaws as indicated by the CWE list. The severity is assessed as high by the source. However, no known exploits have been reported in the wild. The impact is limited to affected Red Hat Hardened Images and PostgreSQL 18 RPMs on aarch64 and x86_64 architectures.

An update to the affected RPM packages is available from Red Hat as detailed in advisory RHSA-2026:22878. Users should apply the updated PostgreSQL 18 RPM packages (version 18.4-0.1.hum1) for their respective architectures to remediate the vulnerabilities. Refer to https://images.redhat.com/ and the official Red Hat advisory for instructions on applying the update. Patch status is confirmed by the vendor advisory. No additional mitigation steps are specified.