Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-390-1 dbconfig-common

Debian Security Advisory

DLA-390-1 dbconfig-common -- LTS security update

Date Reported:

15 Jan 2016

Affected Packages:

dbconfig-common

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 805638.

More information:

It was discovered that dbconfig-common could, depending on the local umask, make PostgreSQL database backups that were readable by other users than the database owner. The issue is fixed in version 1.8.46+squeeze.1. Access rights to existing database backups (not only for PostgreSQL) will be limited to the owner of the backup during the upgrade of dbconfig-common to this version. Future upgrades will not change access rights in case the local administrator has specific requirements.

dbconfig-common is a Debian helper package that is used by a number of packages to manage the corresponding database.