+++ This bug was initially created as a clone of Bug #27752 +++

Thierry fixed this issue in Cauldron:
https://bugzilla.redhat.com/show_bug.cgi?id=1853242

db48 is probably also affected (leaving that in Bug 27752).

Fedora has issued an advisory for this today (December 16):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OQFKX6NKU2DCW5CTCHQSOJJDFVRVTPO6/

Patched package uploaded for Mageia 7 by Thierry.

Advisory:
========================

Updated db53 packages fix security vulnerability:

Vulnerability in the Data Store component of Oracle Berkeley DB. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store (CVE-2019-2708).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2708
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OQFKX6NKU2DCW5CTCHQSOJJDFVRVTPO6/
========================

Updated packages in core/updates_testing:
========================
libdb5.3-5.3.28-17.1.mga7
libdbcxx5.3-5.3.28-17.1.mga7
libdbsql5.3-5.3.28-17.1.mga7
libdbjava5.3-5.3.28-17.1.mga7
libdbtcl5.3-5.3.28-17.1.mga7
db53-utils-5.3.28-17.1.mga7
db53_recover-5.3.28-17.1.mga7
libdb5.3-devel-5.3.28-17.1.mga7
libdb5.3-static-devel-5.3.28-17.1.mga7

from db53-5.3.28-17.1.mga7.src.rpm
The following 5 packages are going to be installed:

- db53-utils-5.3.28-17.1.mga7.x86_64
- db53_recover-5.3.28-17.1.mga7.x86_64
- lib64db5.3-5.3.28-17.1.mga7.x86_64
- lib64dbcxx5.3-5.3.28-17.1.mga7.x86_64
- lib64dbsql5.3-5.3.28-17.1.mga7.x86_64

No installation issues.

When searching for past updates, I came across bug 21203, which concerned this and other components of the Berkeley Database. After much discussion, the update was finally validated on a clean install. So...

Validating. Advisory in Comment 0.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Advisory committed to SVN.
CC: (none) => ouaurelien
Keywords: (none) => advisory
CVE: (none) => CVE-2019-2708
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0057.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED