Debian Security Advisory

DLA-1994-1 postgresql-common -- LTS security update

Date Reported:
14 Nov 2019
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2019-3466.
More information:

Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

For the oldoldstable distribution (jessie), this problem has been fixed in version 165+deb8u4.

We recommend that you upgrade your postgresql-common packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: