CVE-2019-3466

Published: 14 November 2019

The pg_ctlcluster script in postgresql-common versions prior to 210 did not drop privileges when creating the socket and statistics temporary directories, which could result in local privilege escalation.

Priority

Medium

CVSS 3 base score: 7.8

Status

| Package | Release | Status |
| --- | --- | --- |
| postgresql-common | Upstream | Released (210) |
| postgresql-common | Ubuntu 20.04 LTS (Focal Fossa) | Released (210) |
| postgresql-common | Ubuntu 18.04 LTS (Bionic Beaver) | Released (190ubuntu0.1) |
| postgresql-common | Ubuntu 16.04 LTS (Xenial Xerus) | Released (173ubuntu0.3) |
| postgresql-common | Ubuntu 14.04 ESM (Trusty Tahr) | Released (154ubuntu1.1+esm1) |

Patches:
Upstream: https://salsa.debian.org/postgresql/postgresql-common/commit/ec9d984b62ed79f61be97b786a9ff4381309979c