nss_db-2.2-35.4.AXS3

エラータID: AXSA:2010-227:01

Release date: 
Thursday, April 15, 2010 - 15:12
Subject: 
nss_db-2.2-35.4.AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

Nss_db is a set of C library extensions which allow Berkeley Databases to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services, and shadow passwords (instead of or in addition to using flat files or NIS). Install nss_db if your flat name service files are too large and lookups are slow.
Security issues fixed in this release:
CVE-2010-0826
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.

Solution: 

Update packages.

CVEs: 
CVE-2010-0826
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.


Additional Info: 

N/A

Download: 

SRPMS
  1. nss_db-2.2-35.4.AXS3.src.rpm
    MD5: 88f287e7310d4adc8256f142bf5e83c5
    SHA-256: 933f86bd73bf86a243d8f13f515b7cf48b123d598bd159f16cc2a513893675f7
    Size: 5.85 MB

Asianux Server 3 for x86
  1. nss_db-2.2-35.4.AXS3.i386.rpm
    MD5: 43c9fb640f95edf06e31c00d05e23234
    SHA-256: 614d96e8f38210e91118789a7868e5c756ec4fc99463adf12881c15e8a402663
    Size: 762.92 kB

Asianux Server 3 for x86_64
  1. nss_db-2.2-35.4.AXS3.x86_64.rpm
    MD5: b60eb50042265bc1225ce84e836a04c1
    SHA-256: 22e65c000fe08055c5ca01941772910348b1976d76e9111da3e1840914b11f71
    Size: 747.33 kB