Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Debian LTS: DLA-1994-1 Critical: PostgreSQL-Common Local Escalation

debian lts
Calendar Grey November 15, 2019
Dist Debian Esm H88
PostgreSQL-common has addressed a vulnerability that allowed local privilege escalation via the pg_ctlcluster script; an immediate upgrade is recommended.
Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation

Summary

We recommend that you upgrade your postgresql-common packages.

For the detailed security status of postgresql-common please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/postgresql-common


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: postgresql-common
Version: 165+deb8u4
CVE ID: CVE-2019-3466

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.