UbuntuUpdates.org

Package "postgresql-common"

Name: postgresql-common

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • extension build tool for multiple PostgreSQL versions

Latest version: 173ubuntu0.3
Release: xenial (16.04)
Level: security
Repository: universe

Links



Other versions of "postgresql-common" in Xenial

Repository Area Version
base main 173
base universe 173
security main 173ubuntu0.3
updates universe 173ubuntu0.3
updates main 173ubuntu0.3
PPA: Postgresql 267.pgdg20.04+1
PPA: Postgresql 267.pgdg22.04+1
PPA: Postgresql 168~176.git088fff1.pgdg10.4+1
PPA: Postgresql 182.pgdg12.4+1
PPA: Postgresql 201.pgdg14.04+1
PPA: Postgresql 226.pgdg16.04+1
PPA: Postgresql 250.pgdg18.04+1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 173ubuntu0.3 2019-11-14 20:07:12 UTC

  postgresql-common (173ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
    - pg_ctlcluster: Drop privileges before creating socket and stats temp
      directories outside /var/run/postgresql. The default configuration is
      not affected by this change. Users with directories on volatile
      storage (tmpfs) in other locations have to make sure the parent
      directory is writable for the cluster owner.
    - Thanks to Rich Mirch and Christoph Berg.
    - CVE-2019-3466

 -- Marc Deslauriers <email address hidden> Wed, 13 Nov 2019 10:31:07 -0500

Source diff to previous version

Version: 173ubuntu0.1 2017-11-09 22:06:25 UTC

  postgresql-common (173ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: symlink attack vulnerability
    - drop privileges when creating log file in pg_ctlcluster.
    - c8989206ec360f199400c74f129f7b4cb878c1ee
    - CVE-2016-1255
  * SECURITY UPDATE: symlink attack vulnerability in init/helper scripts
    (LP: #1727209)
    - use lchown instead of chown in pg_createcluster, pg_ctlcluster,
      pg_upgradecluster.
    - 8b4d0a889a8287181c4bdf46462db9b737a6e25d
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 08 Nov 2017 08:17:29 -0500

CVE-2016-1255 privilege escalation from postgresql user to root



About   -   Send Feedback to @ubuntu_updates