Your submission was sent successfully! Close

CVE-2019-3466

Published: 14 November 2019

The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
postgresql-common
Launchpad, Ubuntu, Debian
Upstream
Released (210)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (190ubuntu0.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (173ubuntu0.3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (154ubuntu1.1+esm1)
Patches:
Upstream: https://salsa.debian.org/postgresql/postgresql-common/commit/ec9d984b62ed79f61be97b786a9ff4381309979c