Bug 21203 - db new security issue (reads DB_CONFIG from cwd) - CVE-2017-10140
Summary: db new security issue (reads DB_CONFIG from cwd) - CVE-2017-10140
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-32...
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2017-07-08 17:35 CEST by David Walser
Modified: 2017-10-20 00:06 CEST (History)
12 users (show)

See Also:
Source RPM: db48-4.8.30-21.mga6.src.rpm, db53-5.3.28-10.mga6.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2017-07-08 17:35:05 CEST
Fedora has issued an advisory on July 7:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JKFB2V7HP5V4KCYKSXMTWUDWUWQOV3S/

This had been previously discussed on oss-security:
http://openwall.com/lists/oss-security/2017/06/10/1

Mageia 5 is also affected.
David Walser 2017-07-08 17:35:12 CEST

Whiteboard: (none) => MGA6TOO, MGA5TOO

Comment 1 Marja van Waes 2017-07-08 23:11:34 CEST
Assigning to Shlomi, because he maintains db1 and db48
CC'ing tv, who maintains db53
Shlomi, if tv doesn't object: can you take care of db53 too?

CC: (none) => marja11, thierry.vignaud
Assignee: bugsquad => shlomif

Comment 2 Shlomi Fish 2017-07-08 23:16:52 CEST
(In reply to Marja van Waes from comment #1)
> Assigning to Shlomi, because he maintains db1 and db48
> CC'ing tv, who maintains db53
> Shlomi, if tv doesn't object: can you take care of db53 too?

Yes, I can.
Comment 3 Shlomi Fish 2017-07-08 23:49:13 CEST
lib64db4.8-4.8.30-18.1.mga6.x86_64.rpm and related packages pushed to mga5 core/updates_testing.
Comment 4 David Walser 2017-07-09 01:41:17 CEST
(In reply to Shlomi Fish from comment #3)
> lib64db4.8-4.8.30-18.1.mga6.x86_64.rpm and related packages pushed to mga5
> core/updates_testing.

libdb4.8-4.8.30-18.1.mga5
libdbcxx4.8-4.8.30-18.1.mga5
libdbtcl4.8-4.8.30-18.1.mga5
db48-utils-4.8.30-18.1.mga5
libdb4.8-devel-4.8.30-18.1.mga5
libdb4.8-static-devel-4.8.30-18.1.mga5
libdbnss4.8-4.8.30-18.1.mga5
libdbnss4.8-devel-4.8.30-18.1.mga5

from db48-4.8.30-18.1.mga5.src.rpm
Comment 5 Shlomi Fish 2017-07-09 10:47:52 CEST
The feature does not seem to exist in db1, which is old and has limited functionality. See:

<<<<<<

shlomif[rpms]:$mageia/5/db1$ ag DB_CON
shlomif[rpms]:$mageia/5/db1$ ag env
SOURCES/db.1.85.patch
111:-   char *envtmp;
113:+   const char *envtmp;
118:    envtmp = getenv("TMPDIR");
120:-       sizeof(path), "%s/bt.XXXXXX", envtmp ? envtmp : "/tmp");
121:+   if (!envtmp)
122:+     envtmp = "/tmp";
123:+   n = strlen (envtmp) + sizeof fmt;
129:+   (void)snprintf(path, n, fmt, envtmp ? envtmp : "/tmp");

BUILD/db.1.85/PORT/include/cdefs.h
84: * In non-ANSI C environments, new programs will want ANSI-only C keywords

BUILD/db.1.85/btree/bt_open.c
393:    const char *envtmp;
398:    envtmp = getenv("TMPDIR");
399:    if (!envtmp)
400:      envtmp = "/tmp";
401:    n = strlen (envtmp) + sizeof fmt;
407:    (void)snprintf(path, n, fmt, envtmp ? envtmp : "/tmp");

BUILD/db.1.85/docs/libtp.usenix.ps
6049:3218(environments.)X
6556:2476(environment,)X
7495:3696(environment.)X
7502:1912(environment)X
8120:2834(environments,)X
8509:1456(environment.)X
8537:2886(environment.)X

BUILD/db.1.85/test/README
14:"/var/tmp".  If the latter directory doesn't exist, set the environmental

BUILD/db.1.85/test/dbtest.c
154:            p = getenv("TMPDIR");
shlomif[rpms]:$mageia/5/db1$

>>>>>>

As a result, I removed db1 from the affected packages.

Source RPM: db1-1.85-28.mga6.src.rpm, db48-4.8.30-21.mga6.src.rpm, db53-5.3.28-10.mga6.src.rpm => db48-4.8.30-21.mga6.src.rpm, db53-5.3.28-10.mga6.src.rpm

Comment 6 Nicolas Lécureuil 2017-08-10 22:07:11 CEST
what need to be done here to validate ?

CC: (none) => mageia

Comment 7 David Walser 2017-08-10 23:03:34 CEST
db5.3 also needs to be fixed.
Comment 8 Nicolas Lécureuil 2017-08-11 23:49:50 CEST
db53 is now fixed:

src.rpm:
        db53-5.3.28-10.1.mga6
        db53-5.3.28-4.1.mga5

Version: Cauldron => 6
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Assignee: shlomif => qa-bugs

Comment 9 David Walser 2017-08-12 00:12:14 CEST
As usual, mga5 didn't build.

Built for mga6:
libdb5.3-5.3.28-10.1.mga6
libdbcxx5.3-5.3.28-10.1.mga6
libdbsql5.3-5.3.28-10.1.mga6
libdbjava5.3-5.3.28-10.1.mga6
libdbtcl5.3-5.3.28-10.1.mga6
db53-utils-5.3.28-10.1.mga6
db53_recover-5.3.28-10.1.mga6
libdb5.3-devel-5.3.28-10.1.mga6
libdb5.3-static-devel-5.3.28-10.1.mga6
libdbnss5.3-5.3.28-10.1.mga6
libdbnss5.3-devel-5.3.28-10.1.mga6

from db53-5.3.28-10.1.mga6.src.rpm

Assignee: qa-bugs => mageia
CC: (none) => qa-bugs

Comment 10 Nicolas Lécureuil 2017-08-12 00:54:09 CEST
now it is ;)

Assignee: mageia => qa-bugs

Comment 11 David Walser 2017-08-12 01:31:34 CEST
Shlomi patched db48 for Mageia 5 but forgot to patch Mageia 6 (!?).  Building now.

CC: (none) => shlomif

Comment 12 David Walser 2017-08-12 01:36:31 CEST
Advisory:
========================

Updated db48 and db53 packages fix security vulnerability:

It was found that Berkeley DB reads the DB_CONFIG configuration file from the
current working directory by default. This happens when calling db_create()
with dbenv=NULL; or using the dbm_open() function.

References:
http://openwall.com/lists/oss-security/2017/06/10/1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JKFB2V7HP5V4KCYKSXMTWUDWUWQOV3S/
========================

Updated packages in core/updates_testing:
========================
libdb4.8-4.8.30-18.1.mga5
libdbcxx4.8-4.8.30-18.1.mga5
libdbtcl4.8-4.8.30-18.1.mga5
db48-utils-4.8.30-18.1.mga5
libdb4.8-devel-4.8.30-18.1.mga5
libdb4.8-static-devel-4.8.30-18.1.mga5
libdbnss4.8-4.8.30-18.1.mga5
libdbnss4.8-devel-4.8.30-18.1.mga5
libdb5.3-5.3.28-4.1.mga5
libdbcxx5.3-5.3.28-4.1.mga5
libdbsql5.3-5.3.28-4.1.mga5
libdbjava5.3-5.3.28-4.1.mga5
libdbtcl5.3-5.3.28-4.1.mga5
db53-utils-5.3.28-4.1.mga5
db53_recover-5.3.28-4.1.mga5
libdb5.3-devel-5.3.28-4.1.mga5
libdb5.3-static-devel-5.3.28-4.1.mga5
libdbnss5.3-5.3.28-4.1.mga5
libdbnss5.3-devel-5.3.28-4.1.mga5
libdb4.8-4.8.30-21.1.mga6
libdbcxx4.8-4.8.30-21.1.mga6
libdbtcl4.8-4.8.30-21.1.mga6
db48-utils-4.8.30-21.1.mga6
libdb4.8-devel-4.8.30-21.1.mga6
libdb4.8-static-devel-4.8.30-21.1.mga6
libdbnss4.8-4.8.30-21.1.mga6
libdbnss4.8-devel-4.8.30-21.1.mga6
libdb5.3-5.3.28-10.1.mga6
libdbcxx5.3-5.3.28-10.1.mga6
libdbsql5.3-5.3.28-10.1.mga6
libdbjava5.3-5.3.28-10.1.mga6
libdbtcl5.3-5.3.28-10.1.mga6
db53-utils-5.3.28-10.1.mga6
db53_recover-5.3.28-10.1.mga6
libdb5.3-devel-5.3.28-10.1.mga6
libdb5.3-static-devel-5.3.28-10.1.mga6
libdbnss5.3-5.3.28-10.1.mga6
libdbnss5.3-devel-5.3.28-10.1.mga6

from SRPMS:
db48-4.8.30-18.1.mga5.src.rpm
db53-5.3.28-4.1.mga5.src.rpm
db48-4.8.30-21.1.mga6.src.rpm
db53-5.3.28-10.1.mga6.src.rpm
Comment 13 David Walser 2017-08-13 00:32:08 CEST
Good timing, a CVE has been assigned:
http://openwall.com/lists/oss-security/2017/08/12/1

Advisory:
========================

Updated db48 and db53 packages fix security vulnerability:

It was found that Berkeley DB reads the DB_CONFIG configuration file from the
current working directory by default. This happens when calling db_create()
with dbenv=NULL; or using the dbm_open() function (CVE-2017-10140).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140
http://openwall.com/lists/oss-security/2017/08/12/1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JKFB2V7HP5V4KCYKSXMTWUDWUWQOV3S/

Summary: db new security issue (reads DB_CONFIG from cwd) => db new security issue (reads DB_CONFIG from cwd) - CVE-2017-10140

nathan giovannini 2017-08-14 10:46:38 CEST

CC: (none) => nathan95
Whiteboard: MGA5TOO => MGA5TOO advisory MGA6-64-OK

Comment 14 Herman Viaene 2017-08-18 14:02:13 CEST
MGA5-32 on Asus A6000VM
Problem on installation:
when installing the libdb4 packages and dependencies I get:
db-devel < 5.3 conflicts with (installed) libdb5.3-devel-5.3.28-4.mga5.i586
Uninstalling this one provokes:
- libetpan-devel-1.6-1.1.mga5.i586 to be removed.

CC: (none) => herman.viaene

Comment 15 Shlomi Fish 2017-08-18 17:24:49 CEST
(In reply to Herman Viaene from comment #14)
> MGA5-32 on Asus A6000VM
> Problem on installation:
> when installing the libdb4 packages and dependencies I get:
> db-devel < 5.3 conflicts with (installed) libdb5.3-devel-5.3.28-4.mga5.i586
> Uninstalling this one provokes:
> - libetpan-devel-1.6-1.1.mga5.i586 to be re

You can blacklist the conflicting packages. Please do that.
Comment 16 Len Lawrence 2017-08-24 22:29:31 CEST
@herman: comment 14
The same on mga6.
A requested package cannot be installed:
lib64db5.3-devel-5.3.28-10.mga6.x86_64 (in order to keep lib64db5.3-devel-5.3.28-10.1.mga6.x86_64)

It is not clear to me which package should be blacklisted, and how do you do that anyway?  Do we blacklist the one that is already installed?  I am installing individual packages before the update so should we simply avoid installing this devel package?  If we cannot install it we cannot OK the update - it is not a clean install.

I'm baffled (= confused and bewildered).

CC: (none) => tarazed25

Comment 17 David Walser 2017-08-24 23:45:51 CEST
Why are you trying to downgrade the devel package?  The testing version is already installed.
Comment 18 Len Lawrence 2017-08-25 00:05:38 CEST
Yes, you are correct.  Don't know how this has happened because I have not tackled this update before.  The pre-update packages installed fine up to this point.  That is a weird one.  Looking at what is installed,  the 4.8 series seem to be pre-update and the 5.3 series tends to be the update version.  Better clean this up.  Thanks.

It looks like Herman might have a different problem.
Comment 19 Herman Viaene 2017-08-25 14:07:33 CEST
In view of all above, I installed only the 5.3 packages. No issues at that. But now what to test??? The db_create command as mentioned in Comment 12 is not part of this update. I checked the commands in db53-utils and the only one that returned me some output that made sense to me (more or less):
$ db53_log_verify 
Number of active transactions: 0;
Number of committed transactions: 0;
Number of aborted transactions: 0;
Number of prepared transactions: 0;
Total number of checkpoint: 0;
Total number of non-transactional updates: 0;
Total number of unknown log records: 0;
Total number of app-specific log record: 0;
The number of each type of log record:

	__dbreg_register : 0;

	__txn_regop : 0;

	__txn_ckp : 0;
and a lot more of these.
Comment 20 David Walser 2017-08-25 14:24:09 CEST
If the utils packages don't give a useful way to test this, then you'll have to look at other packages that require these libraries and use one of those to test them.  I can't check right now, but off the top of my head, I believe RPM itself uses one of the libdb versions for its package database, and the php-dba module can be used to create your own simple database where I think bdb is one of the format choices.  If you are able to test it that way, you may even be able to reproduce the vulnerability.  If you want an example php-dba script, check our Bugzilla for old PHP security updates.  I had posted some test cased that use it.  Note that you would have to edit them to use bdb instead of gdbm as the database format if you want to use my stuff to test this.
Comment 21 Lewis Smith 2017-09-06 13:00:35 CEST
Prior to trying M5/64

These are the programs in *-utils:
$ urpmq -l db48-utils | grep /bin/ | sort
 /usr/bin/db_archive
 /usr/bin/db_checkpoint
 /usr/bin/db_deadlock
 /usr/bin/db_dump
 /usr/bin/db_dump185
 /usr/bin/db_hotbackup
 /usr/bin/db_load
 /usr/bin/db_printlog
 /usr/bin/db_recover
 /usr/bin/db_sql
 /usr/bin/db_stat
 /usr/bin/db_upgrade
 /usr/bin/db_verify

$ urpmq -l db53-utils | grep /bin/ | sort
 /usr/bin/db53_archive
 /usr/bin/db53_checkpoint
 /usr/bin/db53_deadlock
 /usr/bin/db53_dump
 /usr/bin/db53_dump185
 /usr/bin/db53_hotbackup
 /usr/bin/db53_load
 /usr/bin/db53_log_verify
 /usr/bin/db53_printlog
 /usr/bin/db53_replicate
 /usr/bin/db5.3_sql
 /usr/bin/db53_stat
 /usr/bin/db53_tuner
 /usr/bin/db53_upgrade
 /usr/bin/db53_verify
'db5.3_sql' is missing frm my system.
'db53_recover' is a separate package/program.

"Berkeley DB reads the DB_CONFIG configuration file from the current working directory by default."
So where *should* it read it from? And what is the pathname? I will hunt. Would this not be easier to probe? Put a control duplicate with an obviously different parameter, perhaps, to see which one gets used by db_create(), dbm_open(). Unless every call of these 2 procedures is in question...

Otherwise, it looks as if we can do no more than see that a few of the utilities still work, since we cannot monitor the db_create() or dbm_open() functions which presumably are embedded in the various libraries.

CC: (none) => lewyssmith

Comment 22 David Walser 2017-09-06 14:34:00 CEST
Running your command(s) through strace would show what files it's opening or trying to open.
Comment 23 Samuel Verschelde 2017-09-06 15:06:48 CEST
Moving 'advisory' from whiteboard to keywords now that madb has been updated to handle that keyword.

Whiteboard: MGA5TOO advisory MGA6-64-OK => MGA5TOO MGA6-64-OK
Keywords: (none) => advisory

Comment 24 Lewis Smith 2017-09-11 20:55:20 CEST
Exploring around this thing.
The packages in Comment 12: use the *version* to group them. Thus the following groups go together - less intimidating thus:

db48 M5 (beware the lib64... where appropriate)
-------
db48-utils-4.8.30-18.1.mga5
libdb4.8-4.8.30-18.1.mga5
libdbcxx4.8-4.8.30-18.1.mga5
libdbtcl4.8-4.8.30-18.1.mga5
libdb4.8-devel-4.8.30-18.1.mga5
libdb4.8-static-devel-4.8.30-18.1.mga5
libdbnss4.8-4.8.30-18.1.mga5
libdbnss4.8-devel-4.8.30-18.1.mga5

db53 M5 (beware the lib64... where appropriate)
-------
db53-utils-5.3.28-4.1.mga5
db53_recover-5.3.28-4.1.mga5
libdb5.3-5.3.28-4.1.mga5
libdbcxx5.3-5.3.28-4.1.mga5
libdbsql5.3-5.3.28-4.1.mga5
libdbjava5.3-5.3.28-4.1.mga5
libdbtcl5.3-5.3.28-4.1.mga5
libdb5.3-devel-5.3.28-4.1.mga5
libdb5.3-static-devel-5.3.28-4.1.mga5
libdbnss5.3-5.3.28-4.1.mga5
libdbnss5.3-devel-5.3.28-4.1.mga5

[My own equivalent installed list is:
 db53_recover-5.3.28-4.mga5
 db53-utils-5.3.28-4.mga5
 lib64dbnss5.3-5.3.28-4.mga5
 lib64db5.3-5.3.28-4.mga5
 lib64dbsql5.3-5.3.28-4.mga5
+ perversely for db48, not installed, lib64dbcxx4.8-4.8.30-18.mga5]

db48 M6 (beware the lib64... where appropriate)
-------
db48-utils-4.8.30-21.1.mga6
libdb4.8-4.8.30-21.1.mga6
libdbcxx4.8-4.8.30-21.1.mga6
libdbtcl4.8-4.8.30-21.1.mga6
libdb4.8-devel-4.8.30-21.1.mga6
libdb4.8-static-devel-4.8.30-21.1.mga6
libdbnss4.8-4.8.30-21.1.mga6
libdbnss4.8-devel-4.8.30-21.1.mga6

db53 M6 (beware the lib64... where appropriate)
-------
db53-utils-5.3.28-10.1.mga6
db53_recover-5.3.28-10.1.mga6
libdb5.3-5.3.28-10.1.mga6
libdbcxx5.3-5.3.28-10.1.mga6
libdbsql5.3-5.3.28-10.1.mga6
libdbjava5.3-5.3.28-10.1.mga6
libdbtcl5.3-5.3.28-10.1.mga6
libdb5.3-devel-5.3.28-10.1.mga6
libdb5.3-static-devel-5.3.28-10.1.mga6
libdbnss5.3-5.3.28-10.1.mga6
libdbnss5.3-devel-5.3.28-10.1.mga6

Guessing that *.db files might be appropriate and useful, I found a good collection in '/var/lib/' where there is a directory per application.
Running M5 'db53_verify' on them failed most, but succeeded with:
 /var/lib/mailman/data/aliases.db
 /var/lib/dirsrv/slapd-localhost/db/userRoot/*.db
so maybe for the last, the 389-ds-base update (easy usage given therein) https://bugs.mageia.org/show_bug.cgi?id=21671
invokes this software.

For the commands noted in Comment 21, the outlook is bleak. No man pages, no -h or --help parameters. Some, typing the command alone, give a usage response which lists the flags/parameters, many with no explanation at all!

 $ urpmq --whatrequires lib64dbnss5.3 | uniq
lists a few things, none directly employable. -recursive clagged.
 $ urpmq --whatrequires lib64db5.3 | uniq
shows a looong list.

Not forgetting that this update is about the DB_CONFIG configuration file,
 https://web.stanford.edu/class/cs276a/projects/docs/berkeleydb/ref/env/db_config.html
fills you in - perhaps. None of the variables cited exist on my system.
Comment 25 Brian Rockwell 2017-10-11 03:21:32 CEST
Hi all - looking in Wikipedia I see RPM uses the BDB?

Am I guessing correctly?

https://en.wikipedia.org/wiki/Berkeley_DB

CC: (none) => brtians1

Comment 26 David Walser 2017-10-11 12:54:38 CEST
Yes, RPM uses db 5.3.
Comment 27 William Kenney 2017-10-11 22:26:13 CEST
In VirtualBox, M6, Plasma, 32-bit

Package(s) under test:
libdb4.8 db48-utils libdbcxx4.8 libdbnss4.8 libdbtcl4.8
libdb5.3 db53-utils libdbcxx5.3 libdbnss5.3 libdbtcl5.3 libdbsql5.3

default install of packages

[root@localhost wilcal]# urpmi libdb4.8
Package libdb4.8-4.8.30-21.mga6.i586 is already installed
[root@localhost wilcal]# urpmi db48-utils
Package db48-utils-4.8.30-21.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbcxx4.8
Package libdbcxx4.8-4.8.30-21.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbnss4.8
Package libdbnss4.8-4.8.30-21.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbtcl4.8
Package libdbtcl4.8-4.8.30-21.mga6.i586 is already installed

[root@localhost wilcal]# urpmi libdb5.3
Package libdb5.3-5.3.28-10.mga6.i586 is already installed
[root@localhost wilcal]# urpmi db53-utils
Package db53-utils-5.3.28-10.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbcxx5.3
Package libdbcxx5.3-5.3.28-10.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbnss5.3
Package libdbnss5.3-5.3.28-10.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbtcl5.3
Package libdbtcl5.3-5.3.28-10.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbsql5.3
Package libdbsql5.3-5.3.28-10.mga6.i586 is already installed

All packages install without error

install update packages from updates_testing

[root@localhost wilcal]# urpmi libdb4.8
Package libdb4.8-4.8.30-21.1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi db48-utils
Package db48-utils-4.8.30-21.1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbcxx4.8
Package libdbcxx4.8-4.8.30-21.1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbnss4.8
Package libdbnss4.8-4.8.30-21.1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbtcl4.8
Package libdbtcl4.8-4.8.30-21.1.mga6.i586 is already installed

[root@localhost wilcal]# urpmi libdb5.3
Package libdb5.3-5.3.28-10.1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi db53-utils
Package db53-utils-5.3.28-10.1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbcxx5.3
Package libdbcxx5.3-5.3.28-10.1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbnss5.3
Package libdbnss5.3-5.3.28-10.1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbtcl5.3
Package libdbtcl5.3-5.3.28-10.1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi libdbsql5.3
Package libdbsql5.3-5.3.28-10.1.mga6.i586 is already installed

All packages update without error

CC: (none) => wilcal.int

William Kenney 2017-10-11 22:26:30 CEST

Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA6-32-OK MGA6-64-OK

Comment 28 William Kenney 2017-10-11 22:43:14 CEST
In VirtualBox, M5.1, KDE, 32-bit

Package(s) under test:
libdb4.8 db48-utils libdbcxx4.8 libdbnss4.8 libdbtcl4.8
libdb5.3 db53-utils libdbcxx5.3 libdbnss5.3 libdbtcl5.3 libdbsql5.3

default install of packages

[root@localhost wilcal]# urpmi libdb4.8
Package libdb4.8-4.8.30-18.mga5.i586 is already installed
[root@localhost wilcal]# urpmi db48-utils
Package db48-utils-4.8.30-18.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbcxx4.8
Package libdbcxx4.8-4.8.30-18.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbnss4.8
Package libdbnss4.8-4.8.30-18.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbtcl4.8
Package libdbtcl4.8-4.8.30-18.mga5.i586 is already installed

[root@localhost wilcal]# urpmi libdb5.3
Package libdb5.3-5.3.28-4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi db53-utils
Package db53-utils-5.3.28-4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbcxx5.3
Package libdbcxx5.3-5.3.28-4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbnss5.3
Package libdbnss5.3-5.3.28-4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbtcl5.3
Package libdbtcl5.3-5.3.28-4.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbsql5.3
Package libdbsql5.3-5.3.28-4.mga5.i586 is already installed

All packages install without error

install update packages from updates_testing

[root@localhost wilcal]# urpmi libdb4.8
Package libdb4.8-4.8.30-18.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi db48-utils
Package db48-utils-4.8.30-18.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbcxx4.8
Package libdbcxx4.8-4.8.30-18.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbnss4.8
Package libdbnss4.8-4.8.30-18.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbtcl4.8
Package libdbtcl4.8-4.8.30-18.1.mga5.i586 is already installed

[root@localhost wilcal]# urpmi libdb5.3
Package libdb5.3-5.3.28-4.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi db53-utils
Package db53-utils-5.3.28-4.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbcxx5.3
Package libdbcxx5.3-5.3.28-4.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbnss5.3
Package libdbnss5.3-5.3.28-4.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbtcl5.3
Package libdbtcl5.3-5.3.28-4.1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libdbsql5.3
Package libdbsql5.3-5.3.28-4.1.mga5.i586 is already installed

All packages update without error
William Kenney 2017-10-11 22:43:33 CEST

Whiteboard: MGA5TOO MGA6-32-OK MGA6-64-OK => MGA5TOO MGA5-32-OK MGA6-32-OK MGA6-64-OK

Comment 29 William Kenney 2017-10-11 23:03:14 CEST
In VirtualBox, M5.1, KDE, 64-bit

Package(s) under test:
lib64db4.8 db48-utils lib64dbcxx4.8 lib64dbnss4.8 lib64dbtcl4.8
lib64db5.3 db53-utils lib64dbcxx5.3 lib64dbnss5.3 lib64dbtcl5.3 lib64dbsql5.3

default install of packages

[root@localhost wilcal]# urpmi lib64db4.8
Package lib64db4.8-4.8.30-18.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi db48-utils
Package db48-utils-4.8.30-18.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbcxx4.8
Package lib64dbcxx4.8-4.8.30-18.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbnss4.8
Package lib64dbnss4.8-4.8.30-18.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbtcl4.8
Package lib64dbtcl4.8-4.8.30-18.mga5.x86_64 is already installed

[root@localhost wilcal]# urpmi lib64db5.3
Package lib64db5.3-5.3.28-4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi db53-utils
Package db53-utils-5.3.28-4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbcxx5.3
Package lib64dbcxx5.3-5.3.28-4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbnss5.3
Package lib64dbnss5.3-5.3.28-4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbtcl5.3
Package lib64dbtcl5.3-5.3.28-4.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbsql5.3
Package lib64dbsql5.3-5.3.28-4.mga5.x86_64 is already installed

All packages install without error

install update packages from updates_testing

[root@localhost wilcal]# urpmi lib64db4.8
Package lib64db4.8-4.8.30-18.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi db48-utils
Package db48-utils-4.8.30-18.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbcxx4.8
Package lib64dbcxx4.8-4.8.30-18.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbnss4.8
Package lib64dbnss4.8-4.8.30-18.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbtcl4.8
Package lib64dbtcl4.8-4.8.30-18.1.mga5.x86_64 is already installed

[root@localhost wilcal]# urpmi lib64db5.3
Package lib64db5.3-5.3.28-4.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi db53-utils
Package db53-utils-5.3.28-4.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbcxx5.3
Package lib64dbcxx5.3-5.3.28-4.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbnss5.3
Package lib64dbnss5.3-5.3.28-4.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbtcl5.3
Package lib64dbtcl5.3-5.3.28-4.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbsql5.3
Package lib64dbsql5.3-5.3.28-4.1.mga5.x86_64 is already installed

All packages update without error
William Kenney 2017-10-11 23:03:33 CEST

Whiteboard: MGA5TOO MGA5-32-OK MGA6-32-OK MGA6-64-OK => MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-32-OK MGA6-64-OK

Comment 30 Lewis Smith 2017-10-12 21:16:46 CEST
Thanks Bill for your update confirmations.
We have agreed to validate this.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 31 Mageia Robot 2017-10-20 00:06:34 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0380.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.