Fedora 25: libdb Security Advisory - Critical DB_CONFIG Parsing Fix

The Berkeley Database (Berkeley DB) is a programmatic toolkit that

provides embedded database support for both traditional and

client/server applications. The Berkeley DB includes B+tree, Extended

Linear Hashing, Fixed and Variable-length record access methods,

transactions, locking, logging, shared memory caching, and database

recovery. The Berkeley DB supports C, C++, Java, and Perl APIs. It is

used by many applications, including Python and Perl, so this should

be installed on all systems.

Security fix for DB_CONFIG parsing when db_home is not set. This update also

introduces modified fixes for rhbz#1394862 once again and additionally fixes ppc

specific hangs described in rhbz#1460003. Please be aware that this update is

expected to cause **DB_VERSION_MISMATCH** errors during installation if you are

still running an older release of libdb. These errors are a result of packages

calling rpm commands during installation and have so far been found harmless.

You can also run into issues with dnf plugins that do the same. As these plugins

are run after the rpm transaction has already gone through successfully they

should also be harmless. However, in this case a rebuild of rpmdb's environment

will be needed. Detailed information on how to achieve this can be found in the

links below. For more information please take a look at:

https://fedoraproject.org/wiki/Common_F26_bugs#upgrade-libdb

https://fedoraproject.org/wiki/Common_F26_bugs#libdb-rebuilddb

[ 1 ] Bug #1464032 - libdb: Reads DB_CONFIG from the current working directory

https://bugzilla.redhat.com/show_bug.cgi?id=1464032

su -c 'dnf upgrade libdb' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org