postgresql-common (173ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
- pg_ctlcluster: Drop privileges before creating socket and stats temp
directories outside /var/run/postgresql. The default configuration is
not affected by this change. Users with directories on volatile
storage (tmpfs) in other locations have to make sure the parent
directory is writable for the cluster owner.
- Thanks to Rich Mirch and Christoph Berg.
- CVE-2019-3466
Date: 2019-11-13 16:02:19.528450+00:00
Changed-By: Marc Deslauriers <[email protected]>
Signed-By: Ubuntu Archive Robot
<[email protected]>
https://launchpad.net/ubuntu/+source/postgresql-common/173ubuntu0.3
Sorry, changesfile not available.
--
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
