[ubuntu/disco-security] postgresql-common 199ubuntu0.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Nov 14 18:32:13 UTC 2019

postgresql-common (199ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
    - pg_ctlcluster: Drop privileges before creating socket and stats temp
      directories outside /var/run/postgresql. The default configuration is
      not affected by this change. Users with directories on volatile
      storage (tmpfs) in other locations have to make sure the parent
      directory is writable for the cluster owner.
    - Thanks to Rich Mirch and Christoph Berg.
    - CVE-2019-3466

Date: 2019-11-13 15:54:31.939568+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Disco-changes mailing list