All Vulnerability Reports

USN-4194-1: postgresql-common vulnerability


Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected
  • Canonical Ubuntu 16.04
Description

Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges.

CVEs contained in this USN include: CVE-2019-3466

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Operations Manager
    • 2.7.x versions prior to 2.7.4
    • 2.6.x versions prior to 2.6.15
    • 2.5.x versions prior to 2.5.23
    • 2.4.x versions prior to 2.4.26
Mitigation

Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:

  • Pivotal Operations Manager
    • 2.7.4
    • 2.6.15
    • 2.5.23
    • 2.4.26
References
お問い合わせ