
[SECURITY] [DLA 1136-1] db4.8 security update




Package        : db4.8
Version        : 4.8.30-12+deb7u1
CVE ID         : CVE-2017-10140
Debian Bug     : 872436

It was found that Berkeley DB reads DB_CONFIG from the current
working directory, which can lead to an information leak when privileged
processes are tricked into reading arbitrary files.

For Debian 7 "Wheezy", this problem has been fixed in version
4.8.30-12+deb7u1.

We recommend that you upgrade your db4.8 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
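
Added triage example (not part of the Debian advisory or of the db4.8 package): since the advisory describes DB_CONFIG being read from the current working directory, this Python script lists DB_CONFIG files that are not root-owned or that sit in group- or world-writable directories, so they can be reviewed on hosts that have not yet been upgraded. The function name, the reason strings and the default search roots are assumptions chosen for illustration.

```python
import os
import stat
import sys


def find_suspect_db_config(roots):
    """Return [(path, [reasons])] for DB_CONFIG files worth a manual review.

    Heuristic only (an assumption of this example): a DB_CONFIG file is
    flagged when it is not owned by root, or when its directory can be
    written to by group or other users.
    """
    findings = []
    for root in roots:
        # Unreadable directories are skipped instead of aborting the scan.
        for dirpath, _dirs, filenames in os.walk(root, onerror=lambda e: None):
            if "DB_CONFIG" not in filenames:
                continue
            path = os.path.join(dirpath, "DB_CONFIG")
            try:
                file_st = os.lstat(path)   # do not follow links
                dir_st = os.stat(dirpath)
            except OSError:
                continue
            reasons = []
            if file_st.st_uid != 0:
                reasons.append("file-not-root-owned")
            if dir_st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                reasons.append("dir-writable-by-group-or-other")
            if reasons:
                findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    # Default roots are placeholders; pass the directories that privileged
    # jobs on this host actually run from.
    for path, reasons in find_suspect_db_config(sys.argv[1:] or ["/tmp", "/var/tmp"]):
        print(path, ", ".join(reasons))
```

A hit is a prompt to check who created the file and which processes run from that directory; it is not proof of abuse.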

