Описание
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| db5.3 | fixed | 5.3.28-13.1 | package | |
| db5.3 | fixed | 5.3.28-12+deb9u1 | stretch | package |
| db5.3 | fixed | 5.3.28-9+deb8u1 | jessie | package |
| db5.2 | removed | package | ||
| db5.1 | removed | package | ||
| db4.8 | removed | package | ||
| db4.7 | removed | package | ||
| db4.6 | removed | package | ||
| db4.5 | removed | package | ||
| db4.4 | removed | package | ||
| db4.3 | removed | package | ||
| db4.2 | removed | package | ||
| db4.1 | removed | package | ||
| db4.0 | removed | package | ||
| db | removed | package | ||
| db | fixed | 5.1.29-9+deb8u1 | jessie | package |
Примечания
https://www.openwall.com/lists/oss-security/2017/08/12/1
Patch as used in Fedora: https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
and is acknowledged by libdb upstream, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
EPSS
Связанные уязвимости
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
EPSS