CVE ID PRIORITY PACKAGE FIXED VERSION REPOSITORY
CVE-2019-3466 medium postgresql-all 190ubuntu0.1 Ubuntu Archive
Summary
Ubuntu Release bionic
Installed Packages 969
CVE Priority All
Unique Packages Fixable by Patching 1
Unique CVEs Fixable by Patching 1
Vulnerabilities Fixable by Patching 1
Fixes Available by apt-get upgrade 1
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-================================================-=============================-=============================-=====================================================================================================
ii postgresql-all 10+190ubuntu0.1 all metapackage depending on all PostgreSQL server packages
SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
pg_ctlcluster: Drop privileges before creating socket and stats temp
directories outside /var/run/postgresql. The default configuration is
not affected by this change. Users with directories on volatile
storage (tmpfs) in other locations have to make sure the parent
directory is writable for the cluster owner.
cvescan reports an issue with CVE-2019-3466 when the packages are at "10+" but the changelog for those packages indicate they are patched.
✅ Ubuntu vulnerability database successfully downloaded! ✅ Scan complete!
CVE ID PRIORITY PACKAGE FIXED VERSION REPOSITORY CVE-2019-3466 medium postgresql-all 190ubuntu0.1 Ubuntu Archive
Summary
Ubuntu Release bionic Installed Packages 969 CVE Priority All Unique Packages Fixable by Patching 1 Unique CVEs Fixable by Patching 1 Vulnerabilities Fixable by Patching 1 Fixes Available by
apt-get upgrade
1Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-================================================-=============================-=============================-===================================================================================================== ii postgresql-all 10+190ubuntu0.1 all metapackage depending on all PostgreSQL server packages
Get:1 https://changelogs.ubuntu.com postgresql-common 190ubuntu0.1 Changelog [188 kB] postgresql-common (190ubuntu0.1) bionic-security; urgency=medium
SECURITY UPDATE: Privilege Escalation via Arbitrary Directory Creation
-- Marc Deslauriers marc.deslauriers@ubuntu.com Wed, 13 Nov 2019 10:21:57 -0500