[ubuntu/eoan-security] postgresql-common 204ubuntu0.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Nov 14 18:32:10 UTC 2019
postgresql-common (204ubuntu0.1) eoan-security; urgency=medium
* SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
- pg_ctlcluster: Drop privileges before creating socket and stats temp
directories outside /var/run/postgresql. The default configuration is
not affected by this change. Users with directories on volatile
storage (tmpfs) in other locations have to make sure the parent
directory is writable for the cluster owner.
- Thanks to Rich Mirch and Christoph Berg.
- CVE-2019-3466
Date: 2019-11-13 15:54:14.237129+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/postgresql-common/204ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Eoan-changes
mailing list