
[SECURITY] [DLA 1135-1] db security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : db
Version        : 5.1.29-5+deb7u1
CVE ID         : CVE-2017-10140
Debian Bug     : 872436

It was found that Berkeley DB reads DB_CONFIG from the current
working directory, leading to an information leak by tricking privileged
processes into reading arbitrary files.

For Debian 7 "Wheezy", these problems have been fixed in version
5.1.29-5+deb7u1.

We recommend that you upgrade your db packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
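
One way to audit a host for the condition the advisory describes, as an added example that is not part of the advisory or of Debian's tooling: it lists every file named DB_CONFIG under a directory tree and notes those owned by an untrusted user or sitting in a world-writable directory. The function name, the trusted-UID default and the flagging criteria are assumptions made for this example.

```python
import os
import stat
import sys


def find_db_config(root, trusted_uids=(0,)):
    """Return one finding per file named DB_CONFIG under root.

    Each finding is {"path": str, "reasons": [str, ...]}; an empty
    reasons list means none of the (assumed) criteria matched.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        if "DB_CONFIG" not in filenames:
            continue
        path = os.path.join(dirpath, "DB_CONFIG")
        file_st = os.lstat(path)  # describe the entry itself, not a link target
        dir_st = os.stat(dirpath)
        reasons = []
        # Assumed criterion 1: the file was not placed by a trusted account.
        if file_st.st_uid not in trusted_uids:
            reasons.append("owner uid %d is not trusted" % file_st.st_uid)
        # Assumed criterion 2: any local user could create or replace the file.
        if dir_st.st_mode & stat.S_IWOTH:
            reasons.append("directory is world-writable")
        if stat.S_ISREG(file_st.st_mode) and file_st.st_mode & stat.S_IWOTH:
            reasons.append("file is world-writable")
        findings.append({"path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_db_config.py [directory]   (script name is arbitrary)
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for finding in find_db_config(start):
        status = "; ".join(finding["reasons"]) or "no criteria matched"
        print("%s: %s" % (finding["path"], status))
```
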

