openSUSE Security Update: Security update for libdb-4_5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:0519-1 Rating: moderate References: #1043886 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libdb-4_5 fixes the following issues: - A DB_CONFIG file in the current working directory allowed local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4_5. (bsc#1043886) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-200=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): db45-utils-4.5.20-135.3.1 libdb-4_5-4.5.20-135.3.1 libdb-4_5-debuginfo-4.5.20-135.3.1 libdb-4_5-debugsource-4.5.20-135.3.1 libdb-4_5-devel-4.5.20-135.3.1 libdb_java-4_5-4.5.20-135.3.1 libdb_java-4_5-debuginfo-4.5.20-135.3.1 libdb_java-4_5-debugsource-4.5.20-135.3.1 libdb_java-4_5-devel-4.5.20-135.3.1 - openSUSE Leap 42.3 (x86_64): libdb-4_5-32bit-4.5.20-135.3.1 libdb-4_5-debuginfo-32bit-4.5.20-135.3.1 libdb-4_5-devel-32bit-4.5.20-135.3.1 - openSUSE Leap 42.3 (noarch): db45-doc-4.5.20-135.3.1 db45-utils-doc-4.5.20-135.3.1 References: https://bugzilla.suse.com/1043886