Log message:
postgresql1[4-8]*: updated to 18.2, 17.8, 16.12, 15.16, and 14.21

PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21

Security Issues

CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory

CVSS v3.1 Base Score: 4.3

Supported, Vulnerable Versions: 14 - 18.

Improper validation of type oidvector in PostgreSQL allows a database user to \ 
disclose a few bytes of server memory. We have not ruled out viability of \ 
attacks that arrange for presence of confidential information in disclosed \ 
bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, \ 
15.16, and 14.21 are affected.

The PostgreSQL project thanks Altan Birler for reporting this problem.

CVE-2026-2004: PostgreSQL intarray missing validation of type of input to \ 
selectivity estimator executes arbitrary code

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Missing validation of type of input in PostgreSQL intarray extension selectivity \ 
estimator function allows an object creator to execute arbitrary code as the \ 
operating system user running the database. Versions before PostgreSQL 18.2, \ 
17.8, 16.12, 15.16, and 14.21 are affected.

The PostgreSQL project thanks Daniel Firer, as part of zeroday.cloud, for \ 
reporting this problem.

CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to \ 
execute arbitrary code as the operating system user running the database. \ 
Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for \ 
reporting this problem.

CVE-2026-2006: PostgreSQL missing validation of multibyte character length \ 
executes arbitrary code

CVSS v3.1 Base Score: 8.8

Supported, Vulnerable Versions: 14 - 18.

Missing validation of multibyte character length in PostgreSQL text manipulation \ 
allows a database user to issue crafted queries that achieve a buffer overrun. \ 
That suffices to execute arbitrary code as the operating system user running the \ 
database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are \ 
affected.

The PostgreSQL project thanks Paul Gerste and Moritz Sanft, as part of \ 
zeroday.cloud, for reporting this problem.

CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern onto \ 
server memory

CVSS v3.1 Base Score: 8.2

Supported, Vulnerable Versions: 18.

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve \ 
unknown impacts via a crafted input string. The attacker has limited control \ 
over the byte patterns to be written, but we have not ruled out the viability of \ 
attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are \ 
affected.

The PostgreSQL project thanks Heikki Linnakangas for reporting this problem.

Bug Fixes and Improvements

This update fixes over 65 bugs that were reported in the last several months. \ 
The issues listed below affect PostgreSQL 18. Some of these issues may also \ 
affect other supported versions of PostgreSQL.

Fix inconsistent case-insensitive text matching in the ltree extension. If you \ 
use an index on an ltree column, in some cases you may need perform a reindex. \ 
See the "Updating" section for additional instructions.
Executing ALTER TABLE ... ADD CONSTRAINT to add a NOT NULL constraint on a \ 
column that already is marked as NOT NULL now requires the constraint name to \ 
match the existing constraint name.
Fix trigger behavior when MERGE is executed from a WITH query to include rows \ 
affected by the MERGE.
Several query planner fixes.
Fix for text substring search for non-deterministic collations.
Several fixes for NOTIFY error handling and reporting.
Use the correct ordering function in GIN index parallel builds.
Fix incorrect handling of incremental backups with tables larger than 1GB.
Fail recovery if WAL does not exist back to the redo point indicated by the \ 
checkpoint record.
Fix for ALTER PUBLICATION to ensure event triggers contain all set options.
Several fixes around replication slot initialization.
Don't advance replication slot after a logical replication parallel worker apply \ 
failure to prevent transaction loss on the subscriber.
Fix error reporting for SQL/JSON path type mismatches.
Fix JIT compilation function inlining when using LLVM 17 or later.
Add new server parameter file_extend_method to control use of posix_fallocate().
Fix psql tab completion for the VACUUM command options.
Fix pg_dump to handle concurrent sequence drops gracefully and to fail if the \ 
calling user explicitly lacks privileges to read the sequence.
Several fixes for amcheck around btree inspection.
Avoid crash in pg_stat_statements when an IN list contains both constants and \ 
non-constant expressions.
This release also updates time zone data files to tzdata release 2025c, which \ 
only has a historical data change for pre-1976 timestamps in Baja California.

Log message:
*: recursive bump for icu 78.1

Log message:
databases/postgresql: remove unknown configure options

Log message:
postgresql: updated to 17.5, 16.9, 15.13, 14.18, 13.21

PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21

CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end \ 
of allocation for text that fails validation

Bug Fixes and Improvements

This update fixes over 60 bugs that were reported in the last several months. \ 
The issues listed below affect PostgreSQL 17. Some of these issues may also \ 
affect other supported versions of PostgreSQL.

Handle self-referential foreign keys on partitioned tables correctly. Creating \ 
or attaching partitions failed to make the required catalog entries for a \ 
foreign-key constraint if the table referenced by the constraint was the same \ 
partitioned table. This resulted in failure to enforce the constraint fully. To \ 
fix this, please see the instructions in the "Updating" section.
Fix for potential data loss issue when using BRIN bloom indexes (e.g. using the \ 
date_bloom_ops operator class).
Fix MERGE into a partitioned table with DO NOTHING actions.
Prevent failure in INSERT commands when the table has a GENERATED column of a \ 
domain type and the domain's constraints disallow NULL values.
Fix ALTER TABLE .. ADD COLUMN to correctly handle the case of a domain type that \ 
has its own default value and the DEFAULT for the column is not set.
Fix issues when performing casts within the keys of JSON constructor expressions.
Fix XMLSERIALIZE() so that the INDENT option is correctly dumped out when it's \ 
present in views or rules. This was noticeable on restores.
Several query planner fixes, including avoiding a premature evaluation of \ 
arguments in an aggregate function that has both FILTER and either ORDER BY or \ 
DISTINCT clauses that could lead to unnecessary failures.
Fix for potentially returning incorrect results when a bitmap scan without \ 
output columns is executed while vacuum is also running on the same table.
Fix performance issues in GIN index search startup when there are many search \ 
keys, for example, jsonbcol ?| array[...] with tens of thousands of array \ 
elements.
Ensure that I/O statistics of active WAL senders are reported within at most one \ 
second.
Fix race condition in handling of synchronous_standby_names immediately after \ 
startup, where a backend might fail to wait for a synchronous commit.
Avoid infinite loop if scram_iterations is set to INT_MAX.
Several fixes for logical replication, including handling of vacuum around \ 
deleted rows that are still required for logical decoding.
Prevent potential data loss when schema modification operations (DDL) that don't \ 
take a strong lock affect tables that are being logically replicated.
Prevent issues in logical replication that could allow duplicate data to be \ 
applied due to apply worker error handling.
Improve how reindexdb handles scheduling parallel reindex operations to achieve \ 
the expected amount of parallelism.

This release also updates time zone data files to tzdata release 2025b for DST \ 
law changes in Chile, plus historical corrections for Iran. Additionally, there \ 
is a new time zone America/Coyhaique for Chile's Aysén Region, to account for \ 
it changing to UTC-03 year-round, which diverges from America/Santiago.

Log message:
*: recursive bump for icu 77 and libxml2 2.14

Log message:
Render postgresql17 CONFLICTS as harmless as those of postgresql16

Log message:
*: remove MirBSD support

Log message:
postgresql: updated to 17.3, 16.7, 15.11, 14.16, 13.19

PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19

Security Issues

CVE-2025-1094: PostgreSQL quoting APIs miss neutralizing quoting syntax in text \ 
that fails encoding validation

Bug Fixes and Improvements

This update fixes over 70 bugs that were reported in the last several months. \ 
The issues listed below affect PostgreSQL 17. Some of these issues may also \ 
affect other supported versions of PostgreSQL.

Restore pre-v17 truncation behavior for >63-byte database names and usernames \ 
in connection requests.
Don't perform connection privilege checks and limits on parallel workers, and \ 
instead inherit these from the leader process.
Remove Lock suffix from LWLock wait event names.
Fix possible re-use of stale results in window aggregates, which could lead to \ 
incorrect results.
Several race condition fixes for vacuum that in the worst case could cause \ 
corruption to a system catalog.
Several fixes for truncating tables and indexes that prevent potential corruption.
Fix for detaching a partition where its own foreign-key constraint references a \ 
partitioned table.
Fix for the FFn (e.g., FF1) format codes for to_timestamp, where an integer \ 
format code before the FFn would consume all available digits.
Fixes for SQL/JSON and XMLTABLE() to double-quote specific entries when necessary.
Include the ldapscheme option in pg_hba_file_rules().
Several fixes for UNION, including not merging columns with non-compatible \ 
collations.
Several fixes that could impact availability or speed of starting a connection \ 
to PostgreSQL.
Fix multiple memory leaks in logical decoding output.
Fix several memory leaks in PL/Python.
Add psql tab completion for COPY (MERGE INTO).
Make pg_controldata more resilient when displaying info from corruptedpg_control \ 
files.
Fix for a memory leak in pg_restore with zstd-compressed data.
Fix pg_basebackup to correctly handle pg_wal.tar files exceeding 2GB on Windows.
Modify earthdistance to use SQL-standard function bodies, which fixes possible \ 
issues with major version upgrades to v17 when databases use this extension.
Fix crash in pageinspect in instances where the brin_page_items() function \ 
definition is not updated to the latest version.
Fix race condition when trying to cancel a postgres_fdw remote query.