CVE-2017-12172 (retired)

Priority
Description
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x
before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a
non-root operating system account, and database superusers have effective
ability to run arbitrary code under that system account. PostgreSQL
provides a script for starting the database server during system boot.
Packages of PostgreSQL for many operating systems provide their own,
packager-authored startup implementations. Several implementations use a
log file name that the database superuser can replace with a symbolic link.
As root, they open(), chmod() and/or chown() this log file name. This often
suffices for the database superuser to escalate to root privileges when
root starts the server.
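The pattern a root-run startup routine can use to avoid the path-based open()/chmod()/chown() sequence described above is sketched below. It is an added example, not code from PostgreSQL or from any packager's script. The function name open_log_as_root and the file names in the demo are hypothetical, and the demo input is constructed.

```python
import errno
import os
import stat
import tempfile


def open_log_as_root(path, owner_uid, owner_gid, mode=0o600):
    """Open a log file for append without trusting its name.

    Returns a file descriptor; raises OSError if the name is a symlink,
    is not a regular file, or has additional hard links.
    """
    # O_NOFOLLOW: fail (ELOOP on Linux) if the final component is a symlink.
    # O_NONBLOCK: do not hang if the name was swapped for a FIFO.
    flags = (os.O_WRONLY | os.O_APPEND | os.O_CREAT
             | os.O_NOFOLLOW | os.O_NONBLOCK)
    fd = os.open(path, flags, mode)
    try:
        st = os.fstat(fd)  # inspect the object actually opened
        if not stat.S_ISREG(st.st_mode):
            raise OSError(errno.EINVAL, "log is not a regular file", path)
        if st.st_nlink != 1:
            raise OSError(errno.EMLINK, "log has extra hard links", path)
        # fchmod/fchown act on the descriptor, so swapping the name
        # after open() cannot redirect them to another file.
        os.fchmod(fd, mode)
        os.fchown(fd, owner_uid, owner_gid)
    except BaseException:
        os.close(fd)
        raise
    return fd


if __name__ == "__main__":
    # Constructed demo: a symlink stands in for a replaced log file name.
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target")
        open(target, "w").close()
        log = os.path.join(d, "postgresql.log")
        os.symlink(target, log)
        try:
            open_log_as_root(log, os.getuid(), os.getgid())
        except OSError as exc:
            print("refused:", exc)
```

These checks cover only the final path component. Opening the log file under the database account instead of as root removes the need for them.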
Notes
mdeslaur: this script isn't installed by the packaging
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (code not shipped)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not shipped)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (code not shipped)
Updated: 2019-10-09 07:58:45 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)