MDVSA-2010:077
- Package name
- nss_db
- Date
- 2010-04-17
- Advisory ID
- MDVSA-2010:077
- Affected versions
- MES5 i586 , MES5 x86_64 , 2010.0 x86_64 , 2010.0 i586
Problem description
A vulnerability has been found and corrected in nss_db:
The Free Software Foundation (FSF) Berkeley DB NSS module (aka
libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working
directory, which allows local users to obtain sensitive information
via a symlink attack involving a setgid or setuid application that
uses this module (CVE-2010-0826).
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
598dd6ff4118757d9d2930f94486e0bf mes5/i586/nss_db-2.2.3-0.pre1.4.1mdvmes5.1.i586.rpm 194e4cab894286ce36793880ac889db5 mes5/SRPMS/nss_db-2.2.3-0.pre1.4.1mdvmes5.1.src.rpm
MES5 x86_64
aaf70dc135560db8ccd17831154ce259 mes5/x86_64/nss_db-2.2.3-0.pre1.4.1mdvmes5.1.x86_64.rpm 194e4cab894286ce36793880ac889db5 mes5/SRPMS/nss_db-2.2.3-0.pre1.4.1mdvmes5.1.src.rpm
2010.0 x86_64
4fcc55504d8633eabb9bb38a28efd452 2010.0/x86_64/nss_db-2.2.3-0.pre1.6.1mdv2010.0.x86_64.rpm 52035dfcb699e657a5640dea089fd1f8 2010.0/SRPMS/nss_db-2.2.3-0.pre1.6.1mdv2010.0.src.rpm
2010.0 i586
fe731e1f872f7a06fef5a1d3e5b608f3 2010.0/i586/nss_db-2.2.3-0.pre1.6.1mdv2010.0.i586.rpm 52035dfcb699e657a5640dea089fd1f8 2010.0/SRPMS/nss_db-2.2.3-0.pre1.6.1mdv2010.0.src.rpm