Security Information / 2017 / Security Information -- DSA-4029-1 postgresql-common

Debian Security Advisory

DSA-4029-1 postgresql-common -- security update

Date Reported:

09 Nov 2017

Affected Packages:

postgresql-common

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-8806.

More information:

It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.

For the oldstable distribution (jessie), this problem has been fixed in version 165+deb8u3.

For the stable distribution (stretch), this problem has been fixed in version 181+deb9u1.

We recommend that you upgrade your postgresql-common packages.