The Debian pg_ctlcluster, pg_createcluster, and...
Moderate severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Apr 11, 2024
Description
Published by the National Vulnerability Database
Nov 13, 2017
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Apr 11, 2024
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
References