SCIENTIFIC-LINUX-ERRATA Archives

April 2010

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: nss_db on SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Wed, 14 Apr 2010 12:02:20 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (23 lines) 
Synopsis:	Moderate: nss_db security update
Issue date:	2010-04-13
CVE Names:	CVE-2010-0826

It was discovered that nss_db did not specify a path to the directory to 
be used as the database environment for the Berkeley Database library, 
causing it to use the current working directory as the default. This 
could possibly allow a local attacker to obtain sensitive information. 
(CVE-2010-0826)

SL 5.x

     SRPMS:
nss_db-2.2-35.4.el5_5.src.rpm
     i386:
nss_db-2.2-35.4.el5_5.i386.rpm
     x86_64:
nss_db-2.2-35.4.el5_5.i386.rpm
nss_db-2.2-35.4.el5_5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2