Bug 35133 - postgresql new security issues CVE-2026-200[3-7]
Summary: postgresql new security issues CVE-2026-200[3-7]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2026-02-13 15:20 CET by Nicolas Salguero
Modified: 2026-02-17 18:47 CET

See Also:
Source RPM: postgresql15
CVE: CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007
Status comment:
herman.viaene: test_passed_mga9_64+


Description Nicolas Salguero 2026-02-13 15:20:04 CET
PostgreSQL has released new versions on February 12:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
Comment 1 Nicolas Salguero 2026-02-13 15:21:30 CET
PostgreSQL 13 reached its end of life so it will not be corrected.

Source RPM: (none) => postgresql18, postgresql15
Flags: (none) => affects_mga9+
CVE: (none) => CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007
Whiteboard: (none) => MGA9TOO

Comment 2 Nicolas Salguero 2026-02-15 11:04:45 CET
For Cauldron, I asked for a freeze move.
Comment 3 Nicolas Salguero 2026-02-15 11:09:11 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

PostgreSQL oidvector discloses a few bytes of memory. (CVE-2026-2003)

PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code. (CVE-2026-2004)

PostgreSQL pgcrypto heap buffer overflow executes arbitrary code. (CVE-2026-2005)

PostgreSQL missing validation of multibyte character length executes arbitrary code. (CVE-2026-2006)

PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory. (CVE-2026-2007)

References:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
========================

Updated packages in core/updates_testing:
========================
lib(64)ecpg15_6-15.16-1.mga9
lib(64)pq5-15.16-1.mga9
postgresql15-15.16-1.mga9
postgresql15-contrib-15.16-1.mga9
postgresql15-devel-15.16-1.mga9
postgresql15-docs-15.16-1.mga9
postgresql15-pl-15.16-1.mga9
postgresql15-plperl-15.16-1.mga9
postgresql15-plpgsql-15.16-1.mga9
postgresql15-plpython3-15.16-1.mga9
postgresql15-pltcl-15.16-1.mga9
postgresql15-server-15.16-1.mga9

from SRPM:
postgresql15-15.16-1.mga9.src.rpm

Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)
Source RPM: postgresql18, postgresql15 => postgresql15
Version: Cauldron => 9
Flags: affects_mga9+ => (none)

Comment 4 Herman Viaene 2026-02-16 12:16:01 CET
MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 34608 Comment 2 for testing.
# systemctl start postgresql
[root@mach3 ~]# systemctl -l status postgresql
● postgresql.service - PostgreSQL database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; preset: disabled)
     Active: active (running) since Mon 2026-02-16 11:43:59 CET; 12s ago
    Process: 78008 ExecStartPre=/usr/libexec/postgresql_initdb.sh ${PGDATA} (code=exited, status=0/SUCCESS)
    Process: 78009 ExecStart=/usr/bin/pg_ctl start -D ${PGDATA} -s -o -p ${PGPORT} -w -t 300 (code=exited, status=0/SUCCESS)
   Main PID: 78011 (postgres)
      Tasks: 7 (limit: 8805)
     Memory: 21.4M
        CPU: 230ms
     CGroup: /system.slice/postgresql.service
             ├─78011 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
             ├─78013 "postgres: checkpointer "
             ├─78014 "postgres: background writer "
             ├─78015 "postgres: walwriter "
             ├─78016 "postgres: autovacuum launcher "
             ├─78017 "postgres: stats collector "
             └─78018 "postgres: logical replication launcher "

Feb 16 11:43:58 mach3.hviaene.thuis systemd[1]: Starting postgresql.service...
Feb 16 11:43:59 mach3.hviaene.thuis pg_ctl[78011]: 2026-02-16 11:43:59.184 CET [78011] LOG:  starting PostgreSQL 13.23 on x86_64-mageia-linux-gnu, c>
Feb 16 11:43:59 mach3.hviaene.thuis pg_ctl[78011]: 2026-02-16 11:43:59.186 CET [78011] LOG:  listening on IPv6 address "::1", port 5432
Feb 16 11:43:59 mach3.hviaene.thuis pg_ctl[78011]: 2026-02-16 11:43:59.186 CET [78011] LOG:  listening on IPv4 address "127.0.0.1", port 5432
Feb 16 11:43:59 mach3.hviaene.thuis pg_ctl[78011]: 2026-02-16 11:43:59.227 CET [78011] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
Feb 16 11:43:59 mach3.hviaene.thuis pg_ctl[78012]: 2026-02-16 11:43:59.497 CET [78012] LOG:  database system was shut down at 2025-11-17 18:02:27 CET
Feb 16 11:43:59 mach3.hviaene.thuis pg_ctl[78011]: 2026-02-16 11:43:59.693 CET [78011] LOG:  database system is ready to accept connections
Feb 16 11:43:59 mach3.hviaene.thuis systemd[1]: Started postgresql.service.

Then as normal user

$ psql -U postgres
psql (15.16, server 13.23)
Type "help" for help.

postgres=# create database mageia;
CREATE DATABASE
postgres=# \c mageia;
psql (15.16, server 13.23)
You are now connected to database "mageia" as user "postgres".
mageia=# create table mag_versions (name varchar(12), cr_date date);
CREATE TABLE
mageia=# create index magidx on mag_versions(name);
CREATE INDEX
mageia=# insert into mag_versions values ('9', '26-Aug-2023');
INSERT 0 1
mageia=# insert into mag_versions values ('8', '2-Feb-2021');
INSERT 0 1
mageia=# select * from mag_versions;
 name |  cr_date   
------+------------
 9    | 2023-08-26
 8    | 2021-02-02
(2 rows)

mageia=# insert into mag_versions values ('10', '25-Jun-2026');
INSERT 0 1
mageia=# select * from mag_versions;
 name |  cr_date   
------+------------
 9    | 2023-08-26
 8    | 2021-02-02
 10   | 2026-06-25
(3 rows)

mageia=# delete from mag_versions where name = '10';
DELETE 1
mageia=# select * from mag_versions;
 name |  cr_date   
------+------------
 9    | 2023-08-26
 8    | 2021-02-02
(2 rows)

mageia=# quit


Then used phppgadmin to login as user testpg, give it privileges:
# GRANT ALL 
ON ALL TABLES 
IN SCHEMA public TO testerpg;
GRANT
postgres=# alter user testerpg createdb;
ALTER ROLE

connect to the database and create my usual table with serial column as PK, char column as unique key, other char column and timestamp column with current_timestamp as default.
Inserted a few records.

All works OK.

Flags: (none) => test_passed_mga9_64+
Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

Comment 5 PC LX 2026-02-16 18:33:55 CET
Installed and tested without issues.

Tested using the CLI command psql (see below).

System: Mageia 9, x86_64, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz.

# uname -a
Linux marte 6.6.120-server-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Jan 14 03:15:42 UTC 2026 x86_64 GNU/Linux
# rpm -qa | grep 15.16 | sort
lib64pq5-15.16-1.mga9
postgresql15-15.16-1.mga9
postgresql15-plpgsql-15.16-1.mga9
postgresql15-server-15.16-1.mga9
# systemctl status postgresql.service 
● postgresql.service - PostgreSQL database server
     Loaded: loaded (/usr/lib/systemd/system/postgresql.service; disabled; preset: disabled)
     Active: active (running) since Mon 2026-02-16 17:29:14 WET; 3min 25s ago
   Main PID: 1844729 (postgres)
      Tasks: 6 (limit: 19018)
     Memory: 20.8M
        CPU: 102ms
     CGroup: /system.slice/postgresql.service
             ├─1844729 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
             ├─1844730 "postgres: checkpointer "
             ├─1844731 "postgres: background writer "
             ├─1844733 "postgres: walwriter "
             ├─1844734 "postgres: autovacuum launcher "
             └─1844735 "postgres: logical replication launcher "

fev 16 17:29:14 marte systemd[1]: Starting postgresql.service...
fev 16 17:29:14 marte pg_ctl[1844729]: 2026-02-16 17:29:14.637 WET [1844729] LOG:  starting PostgreSQL 15.16 on x86_64-mageia-linux-gnu, compiled by gcc (Mageia 12.3.0-3.mga9) 12.3.0, 64-bit
fev 16 17:29:14 marte pg_ctl[1844729]: 2026-02-16 17:29:14.637 WET [1844729] LOG:  listening on IPv4 address "127.0.0.1", port 5432
fev 16 17:29:14 marte pg_ctl[1844729]: 2026-02-16 17:29:14.637 WET [1844729] LOG:  listening on IPv6 address "::1", port 5432
fev 16 17:29:14 marte pg_ctl[1844729]: 2026-02-16 17:29:14.642 WET [1844729] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
fev 16 17:29:14 marte pg_ctl[1844732]: 2026-02-16 17:29:14.648 WET [1844732] LOG:  database system was shut down at 2026-02-16 17:29:14 WET
fev 16 17:29:14 marte pg_ctl[1844729]: 2026-02-16 17:29:14.654 WET [1844729] LOG:  database system is ready to accept connections
fev 16 17:29:14 marte systemd[1]: Started postgresql.service.
fev 16 17:30:58 marte pg_ctl[1844730]: 2026-02-16 17:30:58.695 WET [1844730] LOG:  checkpoint starting: immediate force wait
fev 16 17:30:58 marte pg_ctl[1844730]: 2026-02-16 17:30:58.826 WET [1844730] LOG:  checkpoint complete: wrote 6 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.020 s, sync=0.059 s, total=0.132 s; sync files=5, longe>
# su postgres -c psql
psql (15.16)
Type "help" for help.

postgres=# CREATE DATABASE test;
CREATE DATABASE
postgres=# CREATE TABLE test (id INT, data TEXT);
CREATE TABLE
postgres=# CREATE INDEX test_idx ON test(data);
CREATE INDEX
postgres=# INSERT INTO test VALUES ('1', 'TEXT 1');
INSERT 0 1
postgres=# INSERT INTO test VALUES ('2', 'TEXT 2');
INSERT 0 1
postgres=# INSERT INTO test VALUES ('3', 'TEXT 3');
INSERT 0 1
postgres=# SELECT * FROM test;
 id |  data  
----+--------
  1 | TEXT 1
  2 | TEXT 2
  3 | TEXT 3
(3 rows)

postgres=# DROP DATABASE test;
DROP DATABASE
postgres=# 
\q

CC: (none) => mageia
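
Added example (not part of any comment in this bug): psql prints a separate "server" version in its banner only when client and server differ, as in the `psql (15.16, server 13.23)` banner in Comment 4 versus `psql (15.16)` in Comment 5. The sketch below parses such a banner and checks that the running server is on the fixed 15.16 release; the function names are hypothetical and the sample banners are copied from the two sessions above.

```shell
#!/bin/sh
# Sample banners, taken from the psql sessions in Comments 4 and 5 of this bug.
BANNER_MIXED='psql (15.16, server 13.23)'
BANNER_SAME='psql (15.16)'

# server_version_from_banner BANNER
# psql prints "psql (CLIENT, server SERVER)" only when the two versions
# differ; a banner with a single version means the server matches the client.
server_version_from_banner() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^psql (\([0-9.]*\), server \([0-9.]*\))$/\2/p' \
        -e 's/^psql (\([0-9.]*\))$/\1/p'
}

# is_fixed_server BANNER FIXED   (FIXED is MAJOR.MINOR, e.g. 15.16)
# Returns 0 if the server is on FIXED's major branch with minor >= FIXED's,
# 1 if it is not, 2 if the banner or version format is not recognised.
is_fixed_server() {
    srv=$(server_version_from_banner "$1")
    case "$srv" in
        ''|*.*.*|*[!0-9.]*) return 2 ;;   # empty, 3-part or non-numeric
        *.*) ;;                            # MAJOR.MINOR, the expected form
        *) return 2 ;;
    esac
    smaj=${srv%%.*}; smin=${srv#*.}
    fmaj=${2%%.*};   fmin=${2#*.}
    [ "$smaj" -eq "$fmaj" ] && [ "$smin" -ge "$fmin" ]
}

# Report on both sample banners against the fixed package version 15.16.
for b in "$BANNER_MIXED" "$BANNER_SAME"; do
    if is_fixed_server "$b" 15.16; then
        echo "OK:    '$b' -> server $(server_version_from_banner "$b")"
    else
        echo "CHECK: '$b' -> server $(server_version_from_banner "$b") is not 15.16 or later in the 15 branch"
    fi
done
```

On a live system, `psql -Atc 'SHOW server_version'` returns the server's version directly and can replace the banner parsing.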

katnatek 2026-02-16 19:22:13 CET

Keywords: (none) => advisory

Comment 6 Thomas Andrews 2026-02-17 00:14:10 CET
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 7 Mageia Robot 2026-02-17 18:47:52 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0041.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

