UBUNTU-CVE-2016-1255

See a problem?

Source

https://ubuntu.com/security/CVE-2016-1255

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1255.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-1255

Related

Published

2016-12-20T00:00:00Z

Modified

2016-12-20T00:00:00Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

References

Affected packages

Ubuntu:14.04:LTS / postgresql-common

Package

Name: postgresql-common
Purl: pkg:deb/ubuntu/postgresql-common?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

154ubuntu1.1

Affected versions

Other

148

150

151

152

153

153bzr1

154

154ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "9.3+154ubuntu1.1",
            "binary_name": "postgresql"
        },
        {
            "binary_version": "9.3+154ubuntu1.1",
            "binary_name": "postgresql-client"
        },
        {
            "binary_version": "154ubuntu1.1",
            "binary_name": "postgresql-client-common"
        },
        {
            "binary_version": "154ubuntu1.1",
            "binary_name": "postgresql-common"
        },
        {
            "binary_version": "9.3+154ubuntu1.1",
            "binary_name": "postgresql-contrib"
        },
        {
            "binary_version": "9.3+154ubuntu1.1",
            "binary_name": "postgresql-doc"
        },
        {
            "binary_version": "154ubuntu1.1",
            "binary_name": "postgresql-server-dev-all"
        }
    ]
}

Ubuntu:16.04:LTS / postgresql-common

Package

Name: postgresql-common
Purl: pkg:deb/ubuntu/postgresql-common?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

173ubuntu0.1

Affected versions

Other

169git1

170

171

172

172ubuntu1

173

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "9.5+173ubuntu0.1",
            "binary_name": "postgresql"
        },
        {
            "binary_version": "9.5+173ubuntu0.1",
            "binary_name": "postgresql-client"
        },
        {
            "binary_version": "173ubuntu0.1",
            "binary_name": "postgresql-client-common"
        },
        {
            "binary_version": "173ubuntu0.1",
            "binary_name": "postgresql-common"
        },
        {
            "binary_version": "9.5+173ubuntu0.1",
            "binary_name": "postgresql-contrib"
        },
        {
            "binary_version": "9.5+173ubuntu0.1",
            "binary_name": "postgresql-doc"
        },
        {
            "binary_version": "173ubuntu0.1",
            "binary_name": "postgresql-server-dev-all"
        }
    ]
}