OPENSUSE-SU-2026:20408-1
Advisory lineage Upstream: 5 Downstream: 0
Published: 20 Mar 2026, 14:50
Last modified:29 Mar 2026, 17:23
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
20 Mar 2026, 14:50
Published
Vulnerability first disclosed
29 Mar 2026, 17:23
Last Modified
Vulnerability information updated
Description
Security update for postgresql18 This update for postgresql18 fixes the following issues: - Update to version 18.3. (bsc#1258754) - CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008) - CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009) - CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010) - CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011) - CVE-2026-2007: Harden contrib/pg_trgm against changes in string lowercasing behavior. (bsc#1258012)
Affected Systems
- opensuse•postgresql18-mini&distro=openSUSE Leap 16.0
< 18.3-160000.1.1
- opensuse•postgresql18&distro=openSUSE Leap 16.0
< 18.3-160000.1.1
References (11)
- https://bugzilla.suse.com/1258008
- https://bugzilla.suse.com/1258009
- https://bugzilla.suse.com/1258010
- https://bugzilla.suse.com/1258011
- https://bugzilla.suse.com/1258012
- https://bugzilla.suse.com/1258754
- https://www.suse.com/security/cve/CVE-2026-2003
- https://www.suse.com/security/cve/CVE-2026-2004
- https://www.suse.com/security/cve/CVE-2026-2005
- https://www.suse.com/security/cve/CVE-2026-2006
- https://www.suse.com/security/cve/CVE-2026-2007