You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa postgresql-common

Sigurnosni nedostaci programskog paketa postgresql-common

==========================================================================
Ubuntu Security Notice USN-3476-2
November 27, 2017

postgresql-common vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

postgresql-common could be made to overwrite files as the
administrator.

Software Description:
– postgresql-common: PostgreSQL database-cluster manager

Details:

USN-3476-1 fixed two vulnerabilities in postgresql-common. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Dawid Golunski discovered that the postgresql-common pg_ctlcluster
 script incorrectly handled symlinks. A local attacker could possibly
 use this issue to escalate privileges. (CVE-2016-1255)

 It was discovered that the postgresql-common helper scripts
 incorrectly handled symlinks. A local attacker could possibly use this
 issue to escalate privileges. (CVE-2017-8806)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  postgresql-common               129ubuntu1.2

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3476-2
  https://www.ubuntu.com/usn/usn-3476-1
  CVE-2016-1255, CVE-2017-8806
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJaHF0TAAoJEEW851uECx9ppoMQAIYNpRtmWNshe1kHZR+EzQJ/
riP7XJQXTHTxA6I/z+K/mZFGr9aVIzqwZu4uS2aEDVXQon7XAAICOR42x6u5ia2L
A6G714rztkREju4co5ah/gs/LpuFLfs2JCFM86TU+47s22ruyaNRTNM2fbMbXocB
8B0MHK2WOfSYpzY0vxVZWzFNPVhX5NCQApoj90dvxoRAJr5Z2FxghR3jRDSbjvH6
DUCf70TP18wamK4Zt7s1IXxLulNJ5U1EtiZvmm2UYPhhAerGlTIkGE84T44KZCcy
xtK5AMnpZo2NO+Hf1H1OaETgYdCqpFKTXig6f1yfksG5DDANuMN5UBL3U1kerTZd
tqHzhYxZgkrgryizymA//jQxR8/5PE01iTIlKd2J5pTsRoY8XzDfVwHNNG+8h05p
s/GURSAIKPntzd8uQuSPKeJnic1yenE5UpHPBm9YDjXakf7w0GaNtmwRwtt+afA5
sy5LlmMDKc+2jnDra07vp9USh+VSwvS7w2oOQ/qpxiCvCsIllIn4snoYDnJyFbZV
BTmuG4Z2+ljQSbI5dbE/gY0WzyiXumtlj90Zecc7yjKbDtQQWaBCh5lAkIi6dqkh
4aqRPUqWsy/nYacCWVqyyGG2EOvgUEBzGSlrNh++tDoQq1dkxTDLlyZjYgSKHmaj
i4/eJpmQin1w1T+DmUvg
=MIzR
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa rh-mysql56-mysql

Otkriveni su sigurnosni nedostaci u programskom paketu rh-mysql56-mysql za operacijski sustav Red Hat. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada...

Close