Debian 9843 Published by

The following updates has been released for Debian GNU/Linux 7 LTS:

DLA 1135-1: db security update
DLA 1136-1: db4.8 security update
DLA 1137-1: db4.7 security update



DLA 1135-1: db security update




Package : db
Version : 5.1.29-5+deb7u1
CVE ID : CVE-2017-10140
Debian Bug : 872436

It was found that the Berkeley DB reads DB_CONFIG from the current
working directory, leading to information leak by tricking privileged
processes into reading arbitrary files.

For Debian 7 "Wheezy", these problems have been fixed in version
5.1.29-5+deb7u1.

We recommend that you upgrade your db packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1136-1: db4.8 security update




Package : db4.8
Version : 4.8.30-12+deb7u1
CVE ID : CVE-2017-10140
Debian Bug : 872436

It was found that the Berkeley DB reads DB_CONFIG from the current
working directory, leading to information leak by tricking privileged
processes into reading arbitrary files.

For Debian 7 "Wheezy", these problems have been fixed in version
4.8.30-12+deb7u1.

We recommend that you upgrade your db4.8 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


DLA 1137-1: db4.7 security update




Package : db4.7
Version : 4.7.25-21+deb7u1
CVE ID : CVE-2017-10140
Debian Bug : 872436

It was found that the Berkeley DB reads DB_CONFIG from the current
working directory, leading to information leak by tricking privileged
processes into reading arbitrary files.

For Debian 7 "Wheezy", these problems have been fixed in version
4.7.25-21+deb7u1.

We recommend that you upgrade your db4.7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS