UbuntuUpdates.org

Package "postgresql-server-dev-all"

Name: postgresql-server-dev-all

Description:

extension build tool for multiple PostgreSQL versions

Latest version: 173ubuntu0.3
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: postgresql-common

Links


Download "postgresql-server-dev-all"


Other versions of "postgresql-server-dev-all" in Xenial

Repository Area Version
base universe 173
security universe 173ubuntu0.3
PPA: Postgresql 168~176.git088fff1.pgdg10.4+1
PPA: Postgresql 182.pgdg12.4+1
PPA: Postgresql 201.pgdg14.04+1
PPA: Postgresql 226.pgdg16.04+1
PPA: Postgresql 250.pgdg18.04+1
PPA: Postgresql 257.pgdg20.04+1
PPA: Postgresql 257.pgdg22.04+1

Changelog

Version: 173ubuntu0.3 2019-11-14 21:07:02 UTC

  postgresql-common (173ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
    - pg_ctlcluster: Drop privileges before creating socket and stats temp
      directories outside /var/run/postgresql. The default configuration is
      not affected by this change. Users with directories on volatile
      storage (tmpfs) in other locations have to make sure the parent
      directory is writable for the cluster owner.
    - Thanks to Rich Mirch and Christoph Berg.
    - CVE-2019-3466

 -- Marc Deslauriers <email address hidden> Wed, 13 Nov 2019 10:31:07 -0500

Source diff to previous version

Version: 173ubuntu0.2 2018-07-26 15:06:23 UTC

  postgresql-common (173ubuntu0.2) xenial; urgency=medium

  * Convert triggers to noawait (LP: #1780996)

 -- Julian Andres Klode <email address hidden> Wed, 11 Jul 2018 17:13:21 +0200

Source diff to previous version

Version: 173ubuntu0.1 2017-11-10 00:06:42 UTC

  postgresql-common (173ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: symlink attack vulnerability
    - drop privileges when creating log file in pg_ctlcluster.
    - c8989206ec360f199400c74f129f7b4cb878c1ee
    - CVE-2016-1255
  * SECURITY UPDATE: symlink attack vulnerability in init/helper scripts
    (LP: #1727209)
    - use lchown instead of chown in pg_createcluster, pg_ctlcluster,
      pg_upgradecluster.
    - 8b4d0a889a8287181c4bdf46462db9b737a6e25d
    - No CVE number

 -- Marc Deslauriers <email address hidden> Wed, 08 Nov 2017 08:17:29 -0500

CVE-2016-1255 privilege escalation from postgresql user to root



About   -   Send Feedback to @ubuntu_updates