Security update for postgresql14
A security update for PostgreSQL 14 (version 14.23) addresses multiple vulnerabilities including privilege enforcement, integer overflows, malicious time zone name handling, path traversal, unsafe function usage, timing attacks in authentication, unbounded recursion, and SQL injection with buffer overruns. These issues affect SUSE distributions of PostgreSQL 14 and are fixed in this update. No known exploits in the wild have been reported. The update also includes non-security fixes related to system compatibility and tooling.
AI Analysis
Technical Summary
This SUSE security update for PostgreSQL 14 upgrades the software to version 14.23, resolving eight security vulnerabilities: CVE-2026-6472 ensures users have CREATE privilege on schemas; CVE-2026-6473 fixes integer overflows in memory allocation; CVE-2026-6474 guards against malicious time zone names; CVE-2026-6475 prevents path traversal in pg_basebackup and pg_rewind; CVE-2026-6477 marks PQfn() as unsafe and avoids its use in libpq; CVE-2026-6478 implements timing-safe string comparisons in authentication; CVE-2026-6479 prevents unbounded recursion in startup packet processing; and CVE-2026-6637 prevents SQL injection and buffer overruns in contrib/spi. The update is specific to SUSE PostgreSQL 14 packages on aarch64 architecture.
Potential Impact
The vulnerabilities collectively could allow unauthorized schema creation, memory corruption via integer overflows, exploitation through crafted time zone names, directory traversal attacks, unsafe function calls leading to potential instability or exploitation, timing attacks on authentication, denial of service via recursion, and SQL injection with buffer overruns. These issues pose a high security risk to affected PostgreSQL 14 installations on SUSE systems if unpatched. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
An official security update to PostgreSQL 14 version 14.23 is available from the SUSE Product Security Team. Applying this update will remediate all listed vulnerabilities. Users should upgrade affected PostgreSQL 14 packages on SUSE systems to this fixed version promptly. No additional mitigation steps are indicated beyond applying the official patch.
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_security_advisory
- CSAF Version: 2.0
- Publisher: SUSE Product Security Team
- Advisory ID: SUSE-SU-2026:2117-1
- CVE Count: 8
- Additional CVEs: CVE-2026-6473, CVE-2026-6474, CVE-2026-6475, CVE-2026-6477, CVE-2026-6478, CVE-2026-6479, CVE-2026-6637
- CVSS Version: null
Threat ID: 6a1ca16ae29bf47b505e4662
Added to database: 5/31/2026, 9:00:26 PM
Last enriched: 5/31/2026, 9:03:26 PM
Last updated: 6/1/2026, 1:07:01 AM