==========================================================================
Ubuntu Security Notice USN-3476-2
November 27, 2017
postgresql-common vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
postgresql-common could be made to overwrite files as the
administrator.
Software Description:
– postgresql-common: PostgreSQL database-cluster manager
Details:
USN-3476-1 fixed two vulnerabilities in postgresql-common. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Dawid Golunski discovered that the postgresql-common pg_ctlcluster
script incorrectly handled symlinks. A local attacker could possibly
use this issue to escalate privileges. (CVE-2016-1255)
It was discovered that the postgresql-common helper scripts
incorrectly handled symlinks. A local attacker could possibly use this
issue to escalate privileges. (CVE-2017-8806)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
postgresql-common 129ubuntu1.2
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3476-2
https://www.ubuntu.com/usn/usn-3476-1
CVE-2016-1255, CVE-2017-8806
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJaHF0TAAoJEEW851uECx9ppoMQAIYNpRtmWNshe1kHZR+EzQJ/
riP7XJQXTHTxA6I/z+K/mZFGr9aVIzqwZu4uS2aEDVXQon7XAAICOR42x6u5ia2L
A6G714rztkREju4co5ah/gs/LpuFLfs2JCFM86TU+47s22ruyaNRTNM2fbMbXocB
8B0MHK2WOfSYpzY0vxVZWzFNPVhX5NCQApoj90dvxoRAJr5Z2FxghR3jRDSbjvH6
DUCf70TP18wamK4Zt7s1IXxLulNJ5U1EtiZvmm2UYPhhAerGlTIkGE84T44KZCcy
xtK5AMnpZo2NO+Hf1H1OaETgYdCqpFKTXig6f1yfksG5DDANuMN5UBL3U1kerTZd
tqHzhYxZgkrgryizymA//jQxR8/5PE01iTIlKd2J5pTsRoY8XzDfVwHNNG+8h05p
s/GURSAIKPntzd8uQuSPKeJnic1yenE5UpHPBm9YDjXakf7w0GaNtmwRwtt+afA5
sy5LlmMDKc+2jnDra07vp9USh+VSwvS7w2oOQ/qpxiCvCsIllIn4snoYDnJyFbZV
BTmuG4Z2+ljQSbI5dbE/gY0WzyiXumtlj90Zecc7yjKbDtQQWaBCh5lAkIi6dqkh
4aqRPUqWsy/nYacCWVqyyGG2EOvgUEBzGSlrNh++tDoQq1dkxTDLlyZjYgSKHmaj
i4/eJpmQin1w1T+DmUvg
=MIzR
—–END PGP SIGNATURE—–
—