CVE-2014-0067

NameCVE-2014-0067
DescriptionThe "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-0019-1, DSA-2864-1, DSA-2865-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
postgresql-8.4sourcesqueeze8.4.22-0+deb6u1DLA-0019-1
postgresql-8.4sourcewheezy(not affected)
postgresql-8.4source(unstable)(unfixed)
postgresql-9.1sourcewheezy9.1.12-0wheezy1DSA-2865-1
postgresql-9.1source(unstable)9.1.11-2
postgresql-9.3source(unstable)9.3.3-1

Notes

[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
Search for package or bug name: Reporting problems