Nom du paquet
nss_db
Date
2010-04-17
Advisory ID
MDVSA-2010:077
Affected versions
MES5 i586 , MES5 x86_64 , 2010.0 x86_64 , 2010.0 i586

Problem description

A vulnerability has been found and corrected in nss_db:

The Free Software Foundation (FSF) Berkeley DB NSS module (aka
libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working
directory, which allows local users to obtain sensitive information
via a symlink attack involving a setgid or setuid application that
uses this module (CVE-2010-0826).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 598dd6ff4118757d9d2930f94486e0bf  mes5/i586/nss_db-2.2.3-0.pre1.4.1mdvmes5.1.i586.rpm 
 194e4cab894286ce36793880ac889db5  mes5/SRPMS/nss_db-2.2.3-0.pre1.4.1mdvmes5.1.src.rpm

MES5 x86_64

 aaf70dc135560db8ccd17831154ce259  mes5/x86_64/nss_db-2.2.3-0.pre1.4.1mdvmes5.1.x86_64.rpm 
 194e4cab894286ce36793880ac889db5  mes5/SRPMS/nss_db-2.2.3-0.pre1.4.1mdvmes5.1.src.rpm

2010.0 x86_64

 4fcc55504d8633eabb9bb38a28efd452  2010.0/x86_64/nss_db-2.2.3-0.pre1.6.1mdv2010.0.x86_64.rpm 
 52035dfcb699e657a5640dea089fd1f8  2010.0/SRPMS/nss_db-2.2.3-0.pre1.6.1mdv2010.0.src.rpm

2010.0 i586

 fe731e1f872f7a06fef5a1d3e5b608f3  2010.0/i586/nss_db-2.2.3-0.pre1.6.1mdv2010.0.i586.rpm 
 52035dfcb699e657a5640dea089fd1f8  2010.0/SRPMS/nss_db-2.2.3-0.pre1.6.1mdv2010.0.src.rpm

References