Univention Bugzilla – Bug 50506
postgresql-common: Multiple issues (4.4)
Last modified: 2019-11-20 13:26:55 CET
New Debian postgresql-common 181+deb9u3A~4.4.2.201911180758 fixes:
This update addresses the following issue:
* postgresql-common (CVE-2019-3466)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/postgresql-common_181+deb9u2A~4.3.1.201808081329.dsc +++ apt/ucs_4.4-0-errata4.4-2/source/postgresql-common_181+deb9u3A~4.4.2.201911180758.dsc @@ -1,8 +1,14 @@ -181+deb9u2A~4.3.1.201808081329 [Wed, 08 Aug 2018 13:47:48 +0200] Univention builddaemon <buildd@univention.de>: +181+deb9u3A~4.4.2.201911180758 [Mon, 18 Nov 2019 07:59:20 +0100] Univention builddaemon <buildd@univention.de>: - * UCS auto build. The following patches have been applied to the original source package - 01-autostart-setting - 02-emit-supported-postgresql-versions + * UCS auto build. No patches were applied to the original source package + +181+deb9u3 [Tue, 12 Nov 2019 15:00:36 +0100] Christoph Berg <myon@debian.org>: + + * pg_ctlcluster: Drop privileges before creating socket and stats temp + directories outside /var/run/postgresql. The default configuration is not + affected by this change. Users with directories on volatile storage + (tmpfs) in other locations have to make sure the parent directory is + writable for the cluster owner. (CVE-2019-3466, discovered by Rich Mirch) 181+deb9u2 [Fri, 08 Jun 2018 11:16:28 +0200] Christoph Berg <christoph.berg@credativ.de>: <http://10.200.17.11/4.4-2/#3622232025281512551>
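Review bot: In the new top entry for 181+deb9u3A~4.4.2.201911180758, the line "No patches were applied to the original source package" replaces the list naming 01-autostart-setting and 02-emit-supported-postgresql-versions, so this build carries the CVE-2019-3466 fix without the two UCS patches that the 181+deb9u2A~4.3.1.201808081329 build had. Confirm that dropping them is intended. If it is not, rebuild with both patches applied before this version is released.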
--- mirror/ftp/4.3/unmaintained/4.3-2/source/postgresql-common_181+deb9u2A~4.3.1.201808081329.dsc +++ apt/ucs_4.4-0-errata4.4-2/source/postgresql-common_181+deb9u3A~4.4.0.201911181236.dsc @@ -1,8 +1,16 @@ -181+deb9u2A~4.3.1.201808081329 [Wed, 08 Aug 2018 13:47:48 +0200] Univention builddaemon <buildd@univention.de>: +181+deb9u3A~4.4.0.201911181236 [Mon, 18 Nov 2019 12:36:27 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 01-autostart-setting 02-emit-supported-postgresql-versions + +181+deb9u3 [Tue, 12 Nov 2019 15:00:36 +0100] Christoph Berg <myon@debian.org>: + + * pg_ctlcluster: Drop privileges before creating socket and stats temp + directories outside /var/run/postgresql. The default configuration is not + affected by this change. Users with directories on volatile storage + (tmpfs) in other locations have to make sure the parent directory is + writable for the cluster owner. (CVE-2019-3466, discovered by Rich Mirch) 181+deb9u2 [Fri, 08 Jun 2018 11:16:28 +0200] Christoph Berg <christoph.berg@credativ.de>: <http://10.200.17.11/4.4-2/#4683309115405766139>
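Review bot: The imported 181+deb9u3 entry says that clusters with socket or stats temp directories outside /var/run/postgresql need a parent directory writable by the cluster owner, and nothing in this changelog diff shows that caveat reaching administrators. Suggest carrying it into the erratum description, because pg_ctlcluster now creates those directories after dropping privileges, and creation can fail on a non-default tmpfs location whose parent the cluster owner cannot write to.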
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-2] 64c6ddbea8 Bug #50506: postgresql-common 181+deb9u3A~4.4.0.201911181236
 doc/errata/staging/postgresql-common.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

[4.4-2] caacc34993 Bug #50506: postgresql-common 181+deb9u3A~4.4.2.201911180758
 doc/errata/staging/postgresql-common.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<http://errata.software-univention.de/ucs/4.4/352.html>