VulnerableCode Package Details - pkg:deb/debian/postgresql-common@165

Search for packages

Vulnerability	Summary	Fixed by
VCID-598f-7r11-eyhe Aliases: CVE-2017-8806	The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.	165+deb8u3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 181+deb9u3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 200+deb10u5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-mru5-m6c1-m7dd Aliases: CVE-2019-3466	pg_ctlcluster script in postgresql-common does not drop privileges when creating socket/statistics temporary directoriesmore details	181+deb9u3 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 200+deb10u5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 225+deb11u1 Affected by 0 other vulnerabilities.
VCID-rx4s-pkpr-qygm Aliases: CVE-2016-1255	The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.	181+deb9u1~bpo8+1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-598f-7r11-eyhe
Aliases:
CVE-2017-8806

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

165+deb8u3
Affected by 3 other vulnerabilities.

181+deb9u3
Affected by 2 other vulnerabilities.

200+deb10u5
Affected by 1 other vulnerability.

VCID-mru5-m6c1-m7dd
Aliases:
CVE-2019-3466

pg_ctlcluster script in postgresql-common does not drop privileges when creating socket/statistics temporary directoriesmore details

181+deb9u3
Affected by 2 other vulnerabilities.

200+deb10u5
Affected by 1 other vulnerability.

225+deb11u1
Affected by 0 other vulnerabilities.

VCID-rx4s-pkpr-qygm
Aliases:
CVE-2016-1255

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

181+deb9u1~bpo8+1
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T03:15:08.715965+00:00	Debian Oval Importer	Affected by	VCID-rx4s-pkpr-qygm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T02:50:19.199551+00:00	Debian Oval Importer	Affected by	VCID-598f-7r11-eyhe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T00:30:32.776749+00:00	Debian Oval Importer	Affected by	VCID-mru5-m6c1-m7dd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:17:58.997782+00:00	Debian Oval Importer	Affected by	VCID-mru5-m6c1-m7dd	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0
2026-06-05T22:43:56.507041+00:00	Debian Oval Importer	Affected by	VCID-598f-7r11-eyhe	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.6.0
2026-06-05T22:32:54.961516+00:00	Debian Oval Importer	Affected by	VCID-mru5-m6c1-m7dd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.6.0
2026-06-05T22:06:54.483623+00:00	Debian Oval Importer	Affected by	VCID-598f-7r11-eyhe	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.6.0