USN-3476-2: postgresql-common vulnerabilities
Ubuntu Security Notice USN-3476-2

27th November, 2017

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 12.04 LTS

Summary

postgresql-common could be made to overwrite files as the administrator.

Software description

postgresql-common – PostgreSQL database-cluster manager

Details

USN-3476-1 fixed two vulnerabilities in postgresql-common. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Dawid Golunski discovered that the postgresql-common pg_ctlcluster script incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. (CVE-2016-1255)

It was discovered that the postgresql-common helper scripts incorrectly handled symlinks. A local attacker could possibly use this issue to escalate privileges. (CVE-2017-8806)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:
postgresql-common 129ubuntu1.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In [ more… ]