Ubuntu Security Notice USN-6-1
27th October, 2004
postgresql contributed script vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
Recently, Trustix Secure Linux discovered a vulnerability in the
postgresql-contrib package. The script "make_oidjoins_check" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the script.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- postgresql-contrib
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None