==========================================================================
Ubuntu Security Notice USN-3489-1
November 21, 2017

db5.3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Berkeley DB could be made to expose sensitive information.

Software Description:
– db5.3: Berkeley v5.3 Database Documentation [html]

Details:

It was discovered that Berkeley DB incorrectly handled certain
configuration files. An attacker could possibly use this issue to read
sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  db5.3-util                      5.3.28-12ubuntu0.1
  libdb5.3                        5.3.28-12ubuntu0.1

Ubuntu 16.04 LTS:
  db5.3-util                      5.3.28-11ubuntu0.1
  libdb5.3                        5.3.28-11ubuntu0.1

Ubuntu 14.04 LTS:
  db5.3-util                      5.3.28-3ubuntu3.1
  libdb5.3                        5.3.28-3ubuntu3.1

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3489-1
  CVE-2017-10140

Package Information:
  https://launchpad.net/ubuntu/+source/db5.3/5.3.28-12ubuntu0.1
  https://launchpad.net/ubuntu/+source/db5.3/5.3.28-11ubuntu0.1
  https://launchpad.net/ubuntu/+source/db5.3/5.3.28-3ubuntu3.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJaFKiwAAoJEEW851uECx9pJUIP/Ru7dTRTKuLJeY7B+78kQ6C9
uv7YgtBrudu0c1tUZ5OgyB66I+Dp3r9t7aHsQPYp7gtqCsG+ZRikbsB3zvjpEVD4
tuKAtNcr2wol7uIpL546P0uysI3nRE0q392kn+dWw1OFIY9J18HrvA1DEwX90mW1
IdW340pncnB9oOHe3tVRdh5paCiR7nxUyQogu5SnC0plR09XMWr4fHHMZ7YQMW1W
B8tutc4/Lv1tkPXLM5qAwC2+4I16htNVA6PefpN/ZL7nGaMl4BZNgQrwmJEEygIz
ATSkofyubi2OZRrztb+bUJLRKwv5DPVGGzdrYKjSI1SndSXhFWuxz2B6OsExVhwj
lcd3NLwzZiTzml/Xc1kecgelYVtlzvYdsfGQj9kIw6SXl3R2gQOSkDp9jNObtR9B
WIdEqHZViqLg2FsM35taLbrPa94Vxrqpbj6FNZW7c+O8ZagPAFiV8ydrRdqfuRUD
tslf0uCUyCghm0SSOf4szKWkpiXUWN5N8WKc63OY7UoiTyBoOXaaQuki0L68ArdH
HKiHAWM/ibT/bs7sMCC5ty7e5DgEbP48e78MvVnLwRaBEPcjUnjaEWmYG4YUJqkE
6aZnQ1NNx+rXlRGiU7s3Q2hhsbwZaTmUz9FK4Fig7LuMahXKvJe1Hi1JrZ+c6G7Q
ZrDu0JKUf6gnIB0Y7riO
=iGqR
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-3489-2
November 21, 2017

db, db4.8 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Berkeley DB could be made to expose sensitive information.

Software Description:
– db: Berkeley v5.1 Database Utilities
– db4.8: Berkeley v4.8 Database Utilities

Details:

USN-3489-1 fixed a vulnerability in Berkeley DB. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that Berkeley DB incorrectly handled certain
 configuration files. An attacker could possibly use this issue to read
 sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  db4.8-util                      4.8.30-11ubuntu1.1
  db5.1-util                      5.1.25-11ubuntu0.1
  libdb4.8                        4.8.30-11ubuntu1.1
  libdb5.1                        5.1.25-11ubuntu0.1

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3489-2
  https://www.ubuntu.com/usn/usn-3489-1
  CVE-2017-10140
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJaFLWkAAoJEEW851uECx9pKrYQALB8dof96A6x8Cg/5EDnxYww
TBuX9qForjUSPTdi3blth8EYcXetswy/3MRpAzElakaxA+o4f5O3kZsQsp2dtHiM
gQLQ/bTliTD6PKoOpstgok56IZgq+IbY5vOcHA3bayCxsi/rAu7f9xoaE8JpwpaU
3cojx8k4OzIBMvcMhZq31p4hdpkvss7rP47YMq5pBBPViKMuIWv0v+H9PnGdB6PB
LEFdQuqVEpS7YXHX7smRS6dJj5NXGz8n2+MpnCxXIeoA+iL2w1uvH45sYbLtyY++
gWOAYxxNlW15tOE9Y4tcJKvNpg/HxaVRMAoZcKZQefqWHIpTlY6X7nCIG1zqmJm8
hFQh1nzUPWCWBiVMzFi4sJo4sZYZDIUzsI6QbkmdDeN2hp9GV69/rref5K661Qyv
9p4RW5q3C479eOIyC5L1PYXhy7bGSgaP1di9OW+MAy/Y1o3M2L/NI69en4+8Q8GI
AQ2PRPMsdZ3kNNGgtHx65xcHzbH8ujk0byP6wTYbLnXKrL1WNfLZevnQqFZ8Mh+y
oMNBXf37iyLhmeOJHR6gYV7M0XsrV9PQE9eEPTbulp0bW2yWV2kXe07o7HZxfruR
VRNq6tf1k2GM3DTbsw44oRDvVI/kNyfw9/7cB9CV9q5jIOqfCvXBO72AHK2FcCTl
7vq2LmvAmMclnDaBsShM
=JEp2
—–END PGP SIGNATURE—–
—