=========================================================================Ubuntu Security Notice USN-3489-2
November 21, 2017
db, db4.8 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Berkeley DB could be made to expose sensitive information.
Software Description:
- db: Berkeley v5.1 Database Utilities
- db4.8: Berkeley v4.8 Database Utilities
Details:
USN-3489-1 fixed a vulnerability in Berkeley DB. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that Berkeley DB incorrectly handled certain
configuration files. An attacker could possibly use this issue to read
sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
db4.8-util 4.8.30-11ubuntu1.1
db5.1-util 5.1.25-11ubuntu0.1
libdb4.8 4.8.30-11ubuntu1.1
libdb5.1 5.1.25-11ubuntu0.1
In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-3489-2
https://ubuntu.com/security/notices/USN-3489-1
CVE-2017-10140