UbuntuUpdates.org

Package "postgresql-client-common"

Name: postgresql-client-common

Description:

manager for multiple PostgreSQL client versions

Latest version: 173ubuntu0.3
Release: xenial (16.04)
Level: updates
Repository: main
Head package: postgresql-common

Links


Download "postgresql-client-common"


Other versions of "postgresql-client-common" in Xenial

Repository Area Version
base main 173
security main 173ubuntu0.3
PPA: Postgresql 267.pgdg22.04+1
PPA: Postgresql 168~176.git088fff1.pgdg10.4+1
PPA: Postgresql 182.pgdg12.4+1
PPA: Postgresql 201.pgdg14.04+1
PPA: Postgresql 226.pgdg16.04+1
PPA: Postgresql 250.pgdg18.04+1
PPA: Postgresql 267.pgdg20.04+1

Changelog

Version: 173ubuntu0.3 2019-11-14 21:07:01 UTC

  postgresql-common (173ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
    - pg_ctlcluster: Drop privileges before creating socket and stats temp
      directories outside /var/run/postgresql. The default configuration is
      not affected by this change. Users with directories on volatile
      storage (tmpfs) in other locations have to make sure the parent
      directory is writable for the cluster owner.
    - Thanks to Rich Mirch and Christoph Berg.
    - CVE-2019-3466

 -- Marc Deslauriers <email address hidden> Wed, 13 Nov 2019 10:31:07 -0500

Source diff to previous version

Version: 173ubuntu0.2 2018-07-26 15:06:18 UTC

  postgresql-common (173ubuntu0.2) xenial; urgency=medium

  * Convert triggers to noawait (LP: #1780996)

 -- Julian Andres Klode <email address hidden> Wed, 11 Jul 2018 17:13:21 +0200

Source diff to previous version

Version: 173ubuntu0.1 2017-11-10 00:06:41 UTC

  postgresql-common (173ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: symlink attack vulnerability
    - drop privileges when creating log file in pg_ctlcluster.
    - c8989206ec360f199400c74f129f7b4cb878c1ee
    - CVE-2016-1255
  * SECURITY UPDATE: symlink attack vulnerability in init/helper scripts
    (LP: #1727209)
    - use lchown instead of chown in pg_createcluster, pg_ctlcluster,
      pg_upgradecluster.
    - 8b4d0a889a8287181c4bdf46462db9b737a6e25d
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 08 Nov 2017 08:17:29 -0500

CVE-2016-1255 privilege escalation from postgresql user to root



About   -   Send Feedback to @ubuntu_updates