The Debian pgctlcluster, pgcreatecluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "9.3+154ubuntu1.1", "binary_name": "postgresql" }, { "binary_version": "9.3+154ubuntu1.1", "binary_name": "postgresql-client" }, { "binary_version": "154ubuntu1.1", "binary_name": "postgresql-client-common" }, { "binary_version": "154ubuntu1.1", "binary_name": "postgresql-common" }, { "binary_version": "9.3+154ubuntu1.1", "binary_name": "postgresql-contrib" }, { "binary_version": "9.3+154ubuntu1.1", "binary_name": "postgresql-doc" }, { "binary_version": "154ubuntu1.1", "binary_name": "postgresql-server-dev-all" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "9.5+173ubuntu0.1", "binary_name": "postgresql" }, { "binary_version": "9.5+173ubuntu0.1", "binary_name": "postgresql-client" }, { "binary_version": "173ubuntu0.1", "binary_name": "postgresql-client-common" }, { "binary_version": "173ubuntu0.1", "binary_name": "postgresql-common" }, { "binary_version": "9.5+173ubuntu0.1", "binary_name": "postgresql-contrib" }, { "binary_version": "9.5+173ubuntu0.1", "binary_name": "postgresql-doc" }, { "binary_version": "173ubuntu0.1", "binary_name": "postgresql-server-dev-all" } ] }