Ubuntu
postgresql-9.1 package

  1. Precise (12.04)
  2. Bug #1348176
  3. Comment #13

Comment 13 for bug 1348176

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-8.4 - 8.4.22-0ubuntu0.12.04

---------------
postgresql-8.4 (8.4.22-0ubuntu0.12.04) precise-proposed; urgency=medium

  * New upstream bug fix release: (LP: #1348176)
    - Various data integrity and other bug fixes.
    - Secure Unix-domain sockets of temporary postmasters started during make
       check.
       Any local user able to access the socket file could connect as the
       server's bootstrap superuser, then proceed to execute arbitrary code as
       the operating-system user running the test, as we previously noted in
       CVE-2014-0067. This change defends against that risk by placing the
       server's socket in a temporary, mode 0700 subdirectory of /tmp.
    - See release notes for details:
      http://www.postgresql.org/docs/current/static/release-8-4-22.html
  * Drop pg_regress patch to run tests with socket in /tmp, obsolete with
    above upstream changes and not applicable any more.
 -- Martin Pitt <email address hidden> Tue, 29 Jul 2014 14:47:30 +0200