CVE 2014-0067
The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
Related bugs and status
CVE-2014-0067 (Candidate) is related to these bugs:
Bug #991725: postgres is using deprecated /proc/PID/oom_adj
Bug | Summary | In | Importance | Status
---|---|---|---|---
991725 | postgres is using deprecated /proc/PID/oom_adj | postgresql-9.3 (Ubuntu) | Low | Fix Released
991725 | postgres is using deprecated /proc/PID/oom_adj | postgresql-9.3 (Debian) | Unknown | Fix Released
Bug #1282677: New upstream microreleases 9.3.3, 9.1.12, 8.4.20
Bug | Summary | In | Importance | Status
---|---|---|---|---
1282677 | New upstream microreleases 9.3.3, 9.1.12, 8.4.20 | postgresql-9.3 (Ubuntu) | High | Fix Released
1282677 | New upstream microreleases 9.3.3, 9.1.12, 8.4.20 | postgresql-9.3 (Ubuntu Trusty) | High | Fix Released
1282677 | New upstream microreleases 9.3.3, 9.1.12, 8.4.20 | postgresql-9.1 (Ubuntu) | Undecided | Fix Released
1282677 | New upstream microreleases 9.3.3, 9.1.12, 8.4.20 | postgresql-9.1 (Ubuntu Precise) | Undecided | Fix Released
1282677 | New upstream microreleases 9.3.3, 9.1.12, 8.4.20 | postgresql-9.1 (Ubuntu Quantal) | Undecided | Fix Released
1282677 | New upstream microreleases 9.3.3, 9.1.12, 8.4.20 | postgresql-9.1 (Ubuntu Saucy) | Undecided | Fix Released
1282677 | New upstream microreleases 9.3.3, 9.1.12, 8.4.20 | postgresql-9.1 (Ubuntu Trusty) | Undecided | Fix Released
1282677 | New upstream microreleases 9.3.3, 9.1.12, 8.4.20 | postgresql-8.4 (Ubuntu) | Undecided | Invalid
1282677 | New upstream microreleases 9.3.3, 9.1.12, 8.4.20 | postgresql-8.4 (Ubuntu Lucid) | Undecided | Fix Released
1282677 | New upstream microreleases 9.3.3, 9.1.12, 8.4.20 | postgresql-8.4 (Ubuntu Precise) | Undecided | Fix Released
Bug #1348176: New upstream microreleases 9.3.5, 9.1.14, 8.4.22
Bug | Summary | In | Importance | Status
---|---|---|---|---
1348176 | New upstream microreleases 9.3.5, 9.1.14, 8.4.22 | postgresql-9.1 (Ubuntu) | Undecided | Invalid
1348176 | New upstream microreleases 9.3.5, 9.1.14, 8.4.22 | postgresql-9.3 (Ubuntu) | Medium | Fix Released
1348176 | New upstream microreleases 9.3.5, 9.1.14, 8.4.22 | postgresql-9.3 (Ubuntu Utopic) | Medium | Fix Released
1348176 | New upstream microreleases 9.3.5, 9.1.14, 8.4.22 | postgresql-8.4 (Ubuntu) | Undecided | Invalid
1348176 | New upstream microreleases 9.3.5, 9.1.14, 8.4.22 | postgresql-8.4 (Ubuntu Lucid) | Undecided | Fix Released
1348176 | New upstream microreleases 9.3.5, 9.1.14, 8.4.22 | postgresql-8.4 (Ubuntu Precise) | Undecided | Fix Released
1348176 | New upstream microreleases 9.3.5, 9.1.14, 8.4.22 | postgresql-9.1 (Ubuntu Precise) | Undecided | Fix Released
1348176 | New upstream microreleases 9.3.5, 9.1.14, 8.4.22 | postgresql-9.1 (Ubuntu Trusty) | Undecided | Fix Released
1348176 | New upstream microreleases 9.3.5, 9.1.14, 8.4.22 | postgresql-9.3 (Ubuntu Trusty) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.