==========================================================================
Ubuntu Security Notice USN-3489-1
November 21, 2017
db5.3 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
Berkeley DB could be made to expose sensitive information.
Software Description:
– db5.3: Berkeley v5.3 Database Documentation [html]
Details:
It was discovered that Berkeley DB incorrectly handled certain
configuration files. An attacker could possibly use this issue to read
sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.04:
db5.3-util 5.3.28-12ubuntu0.1
libdb5.3 5.3.28-12ubuntu0.1
Ubuntu 16.04 LTS:
db5.3-util 5.3.28-11ubuntu0.1
libdb5.3 5.3.28-11ubuntu0.1
Ubuntu 14.04 LTS:
db5.3-util 5.3.28-3ubuntu3.1
libdb5.3 5.3.28-3ubuntu3.1
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3489-1
CVE-2017-10140
Package Information:
https://launchpad.net/ubuntu/+source/db5.3/5.3.28-12ubuntu0.1
https://launchpad.net/ubuntu/+source/db5.3/5.3.28-11ubuntu0.1
https://launchpad.net/ubuntu/+source/db5.3/5.3.28-3ubuntu3.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJaFKiwAAoJEEW851uECx9pJUIP/Ru7dTRTKuLJeY7B+78kQ6C9
uv7YgtBrudu0c1tUZ5OgyB66I+Dp3r9t7aHsQPYp7gtqCsG+ZRikbsB3zvjpEVD4
tuKAtNcr2wol7uIpL546P0uysI3nRE0q392kn+dWw1OFIY9J18HrvA1DEwX90mW1
IdW340pncnB9oOHe3tVRdh5paCiR7nxUyQogu5SnC0plR09XMWr4fHHMZ7YQMW1W
B8tutc4/Lv1tkPXLM5qAwC2+4I16htNVA6PefpN/ZL7nGaMl4BZNgQrwmJEEygIz
ATSkofyubi2OZRrztb+bUJLRKwv5DPVGGzdrYKjSI1SndSXhFWuxz2B6OsExVhwj
lcd3NLwzZiTzml/Xc1kecgelYVtlzvYdsfGQj9kIw6SXl3R2gQOSkDp9jNObtR9B
WIdEqHZViqLg2FsM35taLbrPa94Vxrqpbj6FNZW7c+O8ZagPAFiV8ydrRdqfuRUD
tslf0uCUyCghm0SSOf4szKWkpiXUWN5N8WKc63OY7UoiTyBoOXaaQuki0L68ArdH
HKiHAWM/ibT/bs7sMCC5ty7e5DgEbP48e78MvVnLwRaBEPcjUnjaEWmYG4YUJqkE
6aZnQ1NNx+rXlRGiU7s3Q2hhsbwZaTmUz9FK4Fig7LuMahXKvJe1Hi1JrZ+c6G7Q
ZrDu0JKUf6gnIB0Y7riO
=iGqR
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3489-2
November 21, 2017
db, db4.8 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
Berkeley DB could be made to expose sensitive information.
Software Description:
– db: Berkeley v5.1 Database Utilities
– db4.8: Berkeley v4.8 Database Utilities
Details:
USN-3489-1 fixed a vulnerability in Berkeley DB. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that Berkeley DB incorrectly handled certain
configuration files. An attacker could possibly use this issue to read
sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
db4.8-util 4.8.30-11ubuntu1.1
db5.1-util 5.1.25-11ubuntu0.1
libdb4.8 4.8.30-11ubuntu1.1
libdb5.1 5.1.25-11ubuntu0.1
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3489-2
https://www.ubuntu.com/usn/usn-3489-1
CVE-2017-10140
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJaFLWkAAoJEEW851uECx9pKrYQALB8dof96A6x8Cg/5EDnxYww
TBuX9qForjUSPTdi3blth8EYcXetswy/3MRpAzElakaxA+o4f5O3kZsQsp2dtHiM
gQLQ/bTliTD6PKoOpstgok56IZgq+IbY5vOcHA3bayCxsi/rAu7f9xoaE8JpwpaU
3cojx8k4OzIBMvcMhZq31p4hdpkvss7rP47YMq5pBBPViKMuIWv0v+H9PnGdB6PB
LEFdQuqVEpS7YXHX7smRS6dJj5NXGz8n2+MpnCxXIeoA+iL2w1uvH45sYbLtyY++
gWOAYxxNlW15tOE9Y4tcJKvNpg/HxaVRMAoZcKZQefqWHIpTlY6X7nCIG1zqmJm8
hFQh1nzUPWCWBiVMzFi4sJo4sZYZDIUzsI6QbkmdDeN2hp9GV69/rref5K661Qyv
9p4RW5q3C479eOIyC5L1PYXhy7bGSgaP1di9OW+MAy/Y1o3M2L/NI69en4+8Q8GI
AQ2PRPMsdZ3kNNGgtHx65xcHzbH8ujk0byP6wTYbLnXKrL1WNfLZevnQqFZ8Mh+y
oMNBXf37iyLhmeOJHR6gYV7M0XsrV9PQE9eEPTbulp0bW2yWV2kXe07o7HZxfruR
VRNq6tf1k2GM3DTbsw44oRDvVI/kNyfw9/7cB9CV9q5jIOqfCvXBO72AHK2FcCTl
7vq2LmvAmMclnDaBsShM
=JEp2
—–END PGP SIGNATURE—–
—