openSUSE Security Update: Security update for libdb-4_8 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0520-1 Rating: moderate References: #1043886 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libdb-4_8 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_8. (bsc#1043886) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-199=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): db48-utils-4.8.30-34.3.1 libdb-4_8-4.8.30-34.3.1 libdb-4_8-debuginfo-4.8.30-34.3.1 libdb-4_8-debugsource-4.8.30-34.3.1 libdb-4_8-devel-4.8.30-34.3.1 libdb_java-4_8-4.8.30-34.3.1 libdb_java-4_8-debuginfo-4.8.30-34.3.1 libdb_java-4_8-debugsource-4.8.30-34.3.1 libdb_java-4_8-devel-4.8.30-34.3.1 - openSUSE Leap 42.3 (noarch): db48-doc-4.8.30-34.3.1 - openSUSE Leap 42.3 (x86_64): libdb-4_8-32bit-4.8.30-34.3.1 libdb-4_8-debuginfo-32bit-4.8.30-34.3.1 libdb-4_8-devel-32bit-4.8.30-34.3.1 References: https://bugzilla.suse.com/1043886