
[SECURITY] [DLA 1137-1] db4.7 security update




Package        : db4.7
Version        : 4.7.25-21+deb7u1
CVE ID         : CVE-2017-10140
Debian Bug     : 872436

It was found that Berkeley DB reads DB_CONFIG from the current
working directory, leading to an information leak: privileged
processes can be tricked into reading arbitrary files.

For Debian 7 "Wheezy", this problem has been fixed in version
4.7.25-21+deb7u1.

We recommend that you upgrade your db4.7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
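
A check to run after upgrading, added here as an example and not part of the advisory or of Debian's tooling: it reimplements dpkg's version ordering in Python and tests a version string against the fixed version 4.7.25-21+deb7u1. The function names and the sample versions are constructed for illustration.

```python
import re

FIXED = "4.7.25-21+deb7u1"        # fixed version stated in the advisory
_RUN = re.compile(r"(\D*)(\d*)")  # one non-digit run, then one digit run

def _order(c):
    """dpkg's sort weight for a non-digit character."""
    if c == "~":
        return -1  # '~' sorts before everything, even end of string
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    while a or b:
        ma, mb = _RUN.match(a), _RUN.match(b)
        ka = [_order(c) for c in ma.group(1)]
        kb = [_order(c) for c in mb.group(1)]
        width = max(len(ka), len(kb))
        ka += [0] * (width - len(ka))  # end of a run weighs 0
        kb += [0] * (width - len(kb))
        na, nb = int(ma.group(2) or 0), int(mb.group(2) or 0)
        if (ka, na) != (kb, nb):
            return -1 if (ka, na) < (kb, nb) else 1
        a, b = a[ma.end():], b[mb.end():]
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, dash, revision = rest.rpartition("-")
    return (int(epoch), upstream, revision) if dash else (int(epoch), rest, "")

def compare(a, b):
    """Order two Debian version strings; returns -1, 0 or 1."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(installed, fixed=FIXED):
    """True if the installed version is at or after the fixed version."""
    return compare(installed, fixed) >= 0

# Constructed sample versions, not taken from a real host.
SAMPLES = ["4.7.25-21", "4.7.25-21+b1", "4.7.25-21+deb7u1", "4.7.25-21+deb7u2"]

if __name__ == "__main__":
    for v in SAMPLES:
        print(f"{v:20} {'patched' if is_patched(v) else 'VULNERABLE'}")
```

On a Debian host, `dpkg --compare-versions` performs the same comparison natively.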