Your submission was sent successfully! Close

USN-6-1: postgresql contributed script vulnerability

27 October 2004

postgresql contributed script vulnerability

Releases

Details

Recently, Trustix Secure Linux discovered a vulnerability in the
postgresql-contrib package. The script "make_oidjoins_check" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the script.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
  • postgresql-contrib -

In general, a standard system update will make all the necessary changes.

References