Rocky Linux shipped security patches for PostgreSQL 13, 15, and 16 across both the 8 and 9 OS releases. The updates fix holes in postgres-decoderbufs, pgaudit, and pg_repack, which is arguably the most stable module lineup available right now, though CVSS severity ratings shift depending on the specific CVE tied to each component.

RLSA-2026:28037: Important: postgresql:15 security update
RLSA-2026:28143: Important: postgresql:16 security update
RLSA-2026:28208: Important: postgresql:13 security update

RLSA-2026:28037: Important: postgresql:15 security update

An update is available for postgres-decoderbufs, module.postgres-decoderbufs, module.pgaudit, module.pg_repack, pgaudit, pg_repack.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:28037: Important: postgresql:15 security update

RLSA-2026:28143: Important: postgresql:16 security update

An update is available for postgres-decoderbufs, module.postgres-decoderbufs, module.pgaudit, module.pg_repack, pgaudit, pg_repack.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:28143: Important: postgresql:16 security update

RLSA-2026:28208: Important: postgresql:13 security update

An update is available for postgres-decoderbufs, module.postgres-decoderbufs, module.pgaudit, module.pg_repack, pgaudit, pg_repack.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

RLSA-2026:28208: Important: postgresql:13 security update