Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 14.04 ESM USN-4194-2 Moderate: PostgreSQL-Common Path Elevation

ubuntu
Calendar Grey December 3, 2019
Dist Ubuntu Esm H88
A vulnerability resolution for Ubuntu 14.04 ESM has been released relating to postgresql-common, which permits unrestricted creation of directories.
postgresql-common could be made to create arbitrary directories.

Summary

postgresql-common could be made to create arbitrary directories.

Software Description:

- postgresql-common: PostgreSQL database-cluster manager

Details:

USN-4194-1 fixed a vulnerability in postgresql-common. This update provides

the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

 Rich Mirch discovered that the postgresql-common pg_ctlcluster script

 incorrectly handled directory creation. A local attacker could possibly use

 this issue to escalate privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  postgresql-common               154ubuntu1.1+esm1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-4194-2

  https://ubuntu.com/security/notices/USN-4194-1

  CVE-2019-3466

Severity
important
Lowest
Low
Medium
High
Critical

December 03, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here