CVE-2017-8806
postgresql-common - security update
5.5
MEDIUM
CVSS 3.1
EPSS 0.13%
Description
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
How to fix CVE-2017-8806
To remediate CVE-2017-8806, upgrade the affected package to a fixed version below.
- upgrade to 188 or later
- upgrade to 134wheezy6 or later
- upgrade to 165+deb8u3 or later
Is CVE-2017-8806 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 188
- from 0, < 134wheezy6
- from 0, < 165+deb8u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (5.5) | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |