QA: PostgreSQL 15 Security Update (DSA-6269-1)

Question

Are Nubus for UCS systems affected by the PostgreSQL vulnerabilities addressed in Debian Security Advisory DSA-6269-1, and what actions should administrators take?


Answer

Debian has published the security advisory DSA-6269-1 for PostgreSQL 15. The advisory addresses multiple security vulnerabilities affecting PostgreSQL, including issues that may lead to:

  • Authorization bypass
  • Arbitrary code execution
  • Information disclosure
  • Privilege escalation
  • SQL injection
  • Denial of service

The vulnerabilities are tracked under the following CVEs:

According to the Debian security advisory, the issues are fixed in PostgreSQL version:

  • 15.18-0+deb12u1

Univention has released this as Erratum 457.

Administrators should plan to update affected systems once the Univention fix release becomes available.

The PostgreSQL upstream release notes for version 15.18 additionally document several security and stability fixes, including protections against memory allocation overflows, startup packet recursion issues, authentication hardening, and buffer overrun fixes.

