postgresql-common could be made to create arbitrary directories.
Software Description:
- postgresql-common: PostgreSQL database-cluster manager
Details:
Rich Mirch discovered that the postgresql-common pg_ctlcluster script
incorrectly handled directory creation. A local attacker could possibly use
this issue to escalate privileges.
The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: postgresql-common 204ubuntu0.1 Ubuntu 19.04: postgresql-common 199ubuntu0.1 Ubuntu 18.04 LTS: postgresql-common 190ubuntu0.1 Ubuntu 16.04 LTS: postgresql-common 173ubuntu0.3 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4194-1
CVE-2019-3466
Get the latest Linux and open source security news straight to your inbox.