[ubuntu/disco-updates] postgresql-common 199ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Nov 14 19:28:12 UTC 2019

postgresql-common (199ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
    - pg_ctlcluster: Drop privileges before creating socket and stats temp
      directories outside /var/run/postgresql. The default configuration is
      not affected by this change. Users with directories on volatile
      storage (tmpfs) in other locations have to make sure the parent
      directory is writable for the cluster owner.
    - Thanks to Rich Mirch and Christoph Berg.
    - CVE-2019-3466

Date: 2019-11-13 15:54:31.939568+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Disco-changes mailing list