UbuntuUpdates.org

Package "postgresql-common"

Name: postgresql-common

Description:

PostgreSQL database-cluster manager

Latest version: 173ubuntu0.3
Release: xenial (16.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "postgresql-common": https://www.ubuntuupdates.org/postgresql-common


Download "postgresql-common"


Other versions of "postgresql-common" in Xenial

Repository Area Version
base main 173
base universe 173
security main 173ubuntu0.3
security universe 173ubuntu0.3
updates universe 173ubuntu0.3
PPA: Postgresql 168~176.git088fff1.pgdg10.4+1
PPA: Postgresql 182.pgdg12.4+1
PPA: Postgresql 201.pgdg14.04+1
PPA: Postgresql 210.pgdg16.04+1
PPA: Postgresql 210.pgdg18.04+1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 173ubuntu0.3 2019-11-14 21:07:01 UTC

  postgresql-common (173ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
    - pg_ctlcluster: Drop privileges before creating socket and stats temp
      directories outside /var/run/postgresql. The default configuration is
      not affected by this change. Users with directories on volatile
      storage (tmpfs) in other locations have to make sure the parent
      directory is writable for the cluster owner.
    - Thanks to Rich Mirch and Christoph Berg.
    - CVE-2019-3466

 -- Marc Deslauriers <email address hidden> Wed, 13 Nov 2019 10:31:07 -0500

Source diff to previous version

Version: 173ubuntu0.2 2018-07-26 15:06:18 UTC

  postgresql-common (173ubuntu0.2) xenial; urgency=medium

  * Convert triggers to noawait (LP: #1780996)

 -- Julian Andres Klode <email address hidden> Wed, 11 Jul 2018 17:13:21 +0200

Source diff to previous version

Version: 173ubuntu0.1 2017-11-10 00:06:41 UTC

  postgresql-common (173ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: symlink attack vulnerability
    - drop privileges when creating log file in pg_ctlcluster.
    - c8989206ec360f199400c74f129f7b4cb878c1ee
    - CVE-2016-1255
  * SECURITY UPDATE: symlink attack vulnerability in init/helper scripts
    (LP: #1727209)
    - use lchown instead of chown in pg_createcluster, pg_ctlcluster,
      pg_upgradecluster.
    - 8b4d0a889a8287181c4bdf46462db9b737a6e25d
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 08 Nov 2017 08:17:29 -0500

CVE-2016-1255 privilege escalation from postgresql user to root



About   -   Send Feedback to @ubuntu_updates