SECURITY

USN-3476-1: postgresql-common vulnerabilities Ubuntu Security Notice USN-3476-1 9th November, 2017 postgresql-common vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary postgresql-common could be made to overwrite files as the administrator. Software description postgresql-common – PostgreSQL database-cluster manager Details Dawid Golunski discovered that the postgresql-common pg_ctlcluster scriptincorrectly handled symlinks. A local attacker could possibly use thisissue to escalate privileges. This issue only affected Ubuntu 14.04 LTS andUbuntu 16.04 LTS. (CVE-2016-1255) It was discovered that the postgresql-common helper scripts incorrectlyhandled symlinks. A local attacker could possibly use this issue toescalate privileges. (CVE-2017-8806) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.10: postgresql-common 184ubuntu1.1 Ubuntu 17.04: postgresql-common 179ubuntu0.1 Ubuntu 16.04 LTS: postgresql-common 173ubuntu0.1 Ubuntu 14.04 LTS: postgresql-common 154ubuntu1.1 To update [ more… ]