CVE-2016-1255 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-1255 Interim 1 16 2024-10-16T02:09:10Z current 2021-05-30T13:37:50Z 2024-10-16T02:09:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-1255 The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Manager Server 2.1 postgresql94 postgresql94-contrib postgresql94-docs postgresql94-server postgresql94 as a component of SUSE Linux Enterprise Desktop 12 SP1 postgresql94 as a component of SUSE Linux Enterprise Desktop 12 SP2 postgresql94 as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata postgresql94 as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata postgresql94 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS postgresql94-contrib as a component of SUSE Linux Enterprise Server 11 SP4-LTSS postgresql94-docs as a component of SUSE Linux Enterprise Server 11 SP4-LTSS postgresql94-server as a component of SUSE Linux Enterprise Server 11 SP4-LTSS postgresql94 as a component of SUSE Linux Enterprise Server 12 SP1 postgresql94-contrib as a component of SUSE Linux Enterprise Server 12 SP1 postgresql94-docs as a component of SUSE Linux Enterprise Server 12 SP1 postgresql94-server as a component of SUSE Linux Enterprise Server 12 SP1 postgresql94 as a component of SUSE Linux Enterprise Server 12 SP2 postgresql94-contrib as a component of SUSE Linux Enterprise Server 12 SP2 postgresql94-docs as a component of SUSE Linux Enterprise Server 12 SP2 postgresql94-server as a component of SUSE Linux Enterprise Server 12 SP2 postgresql94 as a component of SUSE Manager Server 2.1 The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. CVE-2016-1255 SUSE Linux Enterprise Server 11 SP1 for Teradata:postgresql94 SUSE Linux Enterprise Server 11 SP3 for Teradata:postgresql94 SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94 SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94-contrib SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94-docs SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94-server SUSE Manager Server 2.1:postgresql94 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H