Critical PostgreSQL Vulnerabilities in Oracle Linux 8 and 9

Oracle Linux has released important security advisories for PostgreSQL vulnerabilities affecting versions 15 and 16. CVE-2026-6478, a critical vulnerability, has been identified in PostgreSQL 15, prompting immediate updates. The vulnerabilities impact Oracle Linux 8 and 9, with specific advisories ELSA-2026-28037 and ELSA-2026-28143 detailing the necessary patches. PostgreSQL 16 is also affected, with updates available for pgaudit, pg_repack, and postgis modules. Administrators are urged to apply the patches promptly to mitigate risks. The vulnerabilities could lead to unauthorized access and data breaches if left unaddressed. The advisories emphasize the urgency of updating systems to the latest versions to protect against potential exploitation.

Key Points: • CVE-2026-6478 affects PostgreSQL 15, requiring immediate patching. • Oracle Linux 8 and 9 users must update their PostgreSQL installations to mitigate risks. • Multiple modules including pgaudit and pg_repack have received critical updates.