This bug was fixed in the package postgresql-9.3 - 9.3.5-0ubuntu1

---------------
postgresql-9.3 (9.3.5-0ubuntu1) utopic; urgency=medium

  [ Christoph Berg ]
  * New upstream release. (LP: #1348176)
    + Secure Unix-domain sockets of temporary postmasters started during make
      check (Noah Misch)

      Any local user able to access the socket file could connect as the
      server's bootstrap superuser, then proceed to execute arbitrary code as
      the operating-system user running the test, as we previously noted in
      CVE-2014-0067. This change defends against that risk by placing the
      server's socket in a temporary, mode 0700 subdirectory of /tmp.

  * Remove our pg_regress patches to support --host=/path.
  * Remove the tcl8.6 patch, went upstream.
  * Update Vcs URLs.
 -- Martin Pitt <[email protected]>   Thu, 24 Jul 2014 15:14:05 +0200

** Changed in: postgresql-9.3 (Ubuntu Utopic)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0067

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1348176

Title:
  New upstream microreleases 9.3.5, 9.1.14, 8.4.22

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-8.4/+bug/1348176/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
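
The mitigation described in the changelog above (a server socket placed in a temporary, mode 0700 subdirectory of /tmp), as an added example that is not part of the original notification and not PostgreSQL's own code. The function names and the "pg_regress-" directory prefix are chosen here for illustration; the socket file name follows PostgreSQL's .s.PGSQL.<port> convention.

```python
import os
import socket
import stat
import tempfile


def start_private_listener(name=".s.PGSQL.5432"):
    """Bind a Unix-domain socket inside a fresh mode-0700 directory under /tmp."""
    # mkdtemp creates a uniquely named directory readable, writable and
    # searchable only by the creating user (mode 0700).
    sockdir = tempfile.mkdtemp(prefix="pg_regress-", dir="/tmp")
    path = os.path.join(sockdir, name)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    return srv, sockdir, path


def socket_dir_problems(path):
    """List the reasons other local users could reach the socket at path."""
    problems = []
    parent = os.path.dirname(path)
    st = os.lstat(parent)  # lstat: a symlinked parent is reported, not followed
    if not stat.S_ISDIR(st.st_mode):
        problems.append("parent is not a real directory")
    if st.st_uid != os.geteuid():
        problems.append("parent directory is owned by another user")
    if st.st_mode & 0o077:
        problems.append("parent directory mode %o grants group/other access"
                        % stat.S_IMODE(st.st_mode))
    return problems


def cleanup(srv, sockdir, path):
    """Close the listener and remove the socket file and its directory."""
    srv.close()
    os.unlink(path)
    os.rmdir(sockdir)


if __name__ == "__main__":
    srv, sockdir, path = start_private_listener()
    print(path, socket_dir_problems(path) or "private")
    cleanup(srv, sockdir, path)
```

Access is enforced by the directory: without search permission on it, other users cannot reach the socket file inside, whatever the socket file's own mode is.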
