{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2016-1255","title":"Title"},{"category":"description","text":"The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2016-1255","url":"https://www.suse.com/security/cve/CVE-2016-1255"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1016745 for CVE-2016-1255","url":"https://bugzilla.suse.com/1016745"}],"title":"SUSE CVE CVE-2016-1255","tracking":{"current_release_date":"2025-04-20T23:27:03Z","generator":{"date":"2023-02-15T05:08:24Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2016-1255","initial_release_date":"2023-02-15T05:08:24Z","revision_history":[{"date":"2023-02-15T05:08:24Z","number":"2","summary":"Current version"},{"date":"2024-10-19T12:16:35Z","number":"3","summary":"Current version"},{"date":"2025-03-14T05:53:29Z","number":"4","summary":"Current version"},{"date":"2025-03-16T04:17:26Z","number":"5","summary":"Current version"},{"date":"2025-04-20T23:27:03Z","number":"6","summary":"Current version"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12 SP1","product":{"name":"SUSE Linux Enterprise Desktop 12 SP1","product_id":"SUSE Linux Enterprise Desktop 12 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12 SP2","product":{"name":"SUSE Linux Enterprise Desktop 12 SP2","product_id":"SUSE Linux Enterprise Desktop 12 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP1","product":{"name":"SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP2","product":{"name":"SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp2"}}},{"category":"product_name","name":"SUSE Manager Server 2.1","product":{"name":"SUSE Manager Server 2.1","product_id":"SUSE Manager Server 2.1","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:2.1"}}},{"category":"product_version","name":"postgresql94","product":{"name":"postgresql94","product_id":"postgresql94","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql94@?upstream=postgresql94.src.rpm"}}},{"category":"product_version","name":"postgresql94-contrib","product":{"name":"postgresql94-contrib","product_id":"postgresql94-contrib","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql94-contrib@?upstream=postgresql94.src.rpm"}}},{"category":"product_version","name":"postgresql94-docs","product":{"name":"postgresql94-docs","product_id":"postgresql94-docs","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql94-docs@?upstream=postgresql94.src.rpm"}}},{"category":"product_version","name":"postgresql94-server","product":{"name":"postgresql94-server","product_id":"postgresql94-server","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql94-server@?upstream=postgresql94.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"postgresql94 as component of SUSE Linux Enterprise Desktop 12 SP1","product_id":"SUSE Linux Enterprise Desktop 12 SP1:postgresql94"},"product_reference":"postgresql94","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"postgresql94 as component of SUSE Linux Enterprise Desktop 12 SP2","product_id":"SUSE Linux Enterprise Desktop 12 SP2:postgresql94"},"product_reference":"postgresql94","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"postgresql94 as component of SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata:postgresql94"},"product_reference":"postgresql94","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP1 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"postgresql94 as component of SUSE Linux Enterprise Server 11 SP3 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP3 for Teradata:postgresql94"},"product_reference":"postgresql94","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"postgresql94 as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94"},"product_reference":"postgresql94","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql94-contrib as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94-contrib"},"product_reference":"postgresql94-contrib","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql94-docs as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94-docs"},"product_reference":"postgresql94-docs","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql94-server as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94-server"},"product_reference":"postgresql94-server","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql94 as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:postgresql94"},"product_reference":"postgresql94","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"postgresql94-contrib as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:postgresql94-contrib"},"product_reference":"postgresql94-contrib","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"postgresql94-docs as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:postgresql94-docs"},"product_reference":"postgresql94-docs","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"postgresql94-server as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:postgresql94-server"},"product_reference":"postgresql94-server","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"postgresql94 as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:postgresql94"},"product_reference":"postgresql94","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"postgresql94-contrib as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib"},"product_reference":"postgresql94-contrib","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"postgresql94-docs as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:postgresql94-docs"},"product_reference":"postgresql94-docs","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"postgresql94-server as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:postgresql94-server"},"product_reference":"postgresql94-server","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"postgresql94 as component of SUSE Manager Server 2.1","product_id":"SUSE Manager Server 2.1:postgresql94"},"product_reference":"postgresql94","relates_to_product_reference":"SUSE Manager Server 2.1"}]},"vulnerabilities":[{"cve":"CVE-2016-1255","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-1255"}],"notes":[{"category":"general","text":"The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.","title":"CVE description"}],"product_status":{"known_affected":["SUSE Linux Enterprise Desktop 12 SP1:postgresql94","SUSE Linux Enterprise Desktop 12 SP2:postgresql94","SUSE Linux Enterprise Server 12 SP1:postgresql94","SUSE Linux Enterprise Server 12 SP1:postgresql94-contrib","SUSE Linux Enterprise Server 12 SP1:postgresql94-docs","SUSE Linux Enterprise Server 12 SP1:postgresql94-server","SUSE Linux Enterprise Server 12 SP2:postgresql94","SUSE Linux Enterprise Server 12 SP2:postgresql94-contrib","SUSE Linux Enterprise Server 12 SP2:postgresql94-docs","SUSE Linux Enterprise Server 12 SP2:postgresql94-server"],"known_not_affected":["SUSE Linux Enterprise Server 11 SP1 for Teradata:postgresql94","SUSE Linux Enterprise Server 11 SP3 for Teradata:postgresql94","SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94","SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94-contrib","SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94-docs","SUSE Linux Enterprise Server 11 SP4-LTSS:postgresql94-server","SUSE Manager Server 2.1:postgresql94"]},"references":[{"category":"external","summary":"CVE-2016-1255","url":"https://www.suse.com/security/cve/CVE-2016-1255"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1016745 for CVE-2016-1255","url":"https://bugzilla.suse.com/1016745"}],"threats":[{"category":"impact","date":"2016-12-21T01:53:12Z","details":"moderate"}],"title":"CVE-2016-1255"}]}