Date: Wed, 14 Apr 2010 12:02:20 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: nss_db on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
Synopsis: Moderate: nss_db security update
Issue date: 2010-04-13
CVE Names: CVE-2010-0826
It was discovered that nss_db did not specify a path to the directory to
be used as the database environment for the Berkeley Database library,
causing it to use the current working directory as the default. This
could possibly allow a local attacker to obtain sensitive information.
(CVE-2010-0826)
SL 5.x
SRPMS:
nss_db-2.2-35.4.el5_5.src.rpm
i386:
nss_db-2.2-35.4.el5_5.i386.rpm
x86_64:
nss_db-2.2-35.4.el5_5.i386.rpm
nss_db-2.2-35.4.el5_5.x86_64.rpm
-Connie Sieh
-Troy Dawson