It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files. For the oldstable distribution (jessie), this problem has been fixed in version 165+deb8u3. For the stable distribution (stretch), this problem has been fixed in version 181+deb9u1. We recommend that you upgrade your postgresql-common packages.
It was discovered that the pg_ctlcluster, pg_createcluster and pg_upgradecluster commands handled symbolic links insecurely which could result in local denial of service by overwriting arbitrary files.
For the oldstable distribution (jessie), this problem has been fixed in version 165+deb8u3.
For the stable distribution (stretch), this problem has been fixed in version 181+deb9u1.
We recommend that you upgrade your postgresql-common packages.