Support Content Notification - Support Portal

USN-4194-1: postgresql-common vulnerability

Product/Component

Notification Id

23751

Last Updated

18 December 2019

Initial Publication Date

18 December 2019

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

WorkAround

Affected CVE

CVE-2019-3466

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 16.04

Description

Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges.

CVEs contained in this USN include: CVE-2019-3466

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

Pivotal Operations Manager
- 2.7.x versions prior to 2.7.4
- 2.6.x versions prior to 2.6.15
- 2.5.x versions prior to 2.5.23
- 2.4.x versions prior to 2.4.26

Mitigation

Pivotal Operations Manager
- 2.7.4
- 2.6.15
- 2.5.23
- 2.4.26

References

https://usn.ubuntu.com/4194-1
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3466