[ubuntu/eoan-updates] postgresql-common 204ubuntu0.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Nov 14 19:28:12 UTC 2019
postgresql-common (204ubuntu0.1) eoan-security; urgency=medium
* SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
- pg_ctlcluster: Drop privileges before creating socket and stats temp
directories outside /var/run/postgresql. The default configuration is
not affected by this change. Users with directories on volatile
storage (tmpfs) in other locations have to make sure the parent
directory is writable for the cluster owner.
- Thanks to Rich Mirch and Christoph Berg.
- CVE-2019-3466
Date: 2019-11-13 15:54:14.237129+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/postgresql-common/204ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Eoan-changes
mailing list