漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that the postgresql-common pg_ctlcluster script incorrectly handled symlinks.
It was discovered that the postgresql-common helper scripts incorrectly handled symlinks.
漏洞危害
A local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-1255)
A local attacker could possibly use this issue to escalate privileges. (CVE-2017-8806)
解决方案
Refer to Ubuntu advisory USN-3476-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3476-1: 16.04 (Xenial) on src (postgresql-common)
USN-3476-1: 17.10 (artful) on src (postgresql-common)
0daybank
文章评论