Debian Security Advisory
DSA-4029-1 postgresql-common -- security update
- Date Reported:
- 09 Nov 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-8806.
- More information:
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.
For the oldstable distribution (jessie), this problem has been fixed in version 165+deb8u3.
For the stable distribution (stretch), this problem has been fixed in version 181+deb9u1.
We recommend that you upgrade your postgresql-common packages.