Updated db48 and db53 packages fix security vulnerability
Publication date: 19 Oct 2017Modification date: 19 Oct 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-10140
Description
It was found that Berkeley DB reads the DB_CONFIG configuration file from the current working directory by default. This happens when calling db_create() with dbenv=NULL; or using the dbm_open() function (CVE-2017-10140).
References
SRPMS
5/core
- db48-4.8.30-18.1.mga5
- db53-5.3.28-4.1.mga5
6/core
- db48-4.8.30-21.1.mga6
- db53-5.3.28-10.1.mga6