EUVD-2019-13104

Malware in sbrugna...

SUSE CVE-2016-1255

The pgctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...

USN-4194-2 postgresql-common vulnerability

USN-4194-1 fixed a vulnerability in postgresql-common. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Rich Mirch discovered that the postgresql-common pgctlcluster script incorrectly handled directory creation. A local attacker could possibly use th...

CVE-2019-3466

The pgctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation...

CVE-2019-3466

The pgctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation...

ALPINE-CVE-2019-3466

The pgctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation...

Privilege escalation

The pgctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation...

CVE-2019-3466

CVE-2019-3466 concerns the pg_ctlcluster script in the PostgreSQL-related package postgresql-common. In versions prior to 210, the script did not drop privileges when creating socket/statistics temporary directories, enabling a local privilege escalation. Public disclosures reference Ubuntu/Debia...

CVE-2019-3466

The pgctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation...

CVE-2019-3466

The pgctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation...

Debian DLA-1994-1 : postgresql-common security update

Rich Mirch discovered that the pgctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. For the oldoldstable distribution jessie, this problem has been fixed in version 165+deb8u4. We recommend that you...

Postgresql-common resource management error vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, etc. postgresql-common is a generic package for PostgreSQL. A security...

CVE-2019-3466

The pgctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation...

UBUNTU-CVE-2019-3466

The pgctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation...

DEBIAN-CVE-2016-1255

The pgctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...

CVE-2016-1255

The pgctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...

CVE-2016-1255

The pgctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...

CVE-2016-1255

The pgctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...

CVE-2016-1255

The CVE-2016-1255 issue affects the pg_ctlcluster script in the postgresql-common package across multiple Debian/Ubuntu releases (e.g., Debian wheezy/jessie, Ubuntu 12.04/14.04/16.04/17.x, etc.). The root cause is a symlink attack on a logfile located in /var/log/postgresql, which local users can...

CVE-2017-8806

The Debian pgctlcluster, pgcreatecluster, and pgupgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL and other packages related to Debian and Ubuntu, handled symbolic links insecurely, which could result in local denial of service by...