csaf_suse - suse-su-2025:20067-1

suse-su-2025:20067-1

Vulnerability from csaf_suse

Published

2025-02-03 09:01

Modified

2025-02-03 09:01

Summary

Security update for libdb-4_8

Notes

Title of the patch

Security update for libdb-4_8

Description of the patch

This update for libdb-4_8 fixes the following issues: CVE-2019-2708: Fixed data store execution leading to partial DoS (bsc#1174414) Changes: * libdb: Data store execution leads to partial DoS * Backport the upsteam commits: - Fixed several possible crashes when running db_verify on a corrupted database. [#27864] - Fixed several possible hangs when running db_verify on a corrupted database. [#27864] - Added a warning message when attempting to verify a queue database which has many extent files. Verification will take a long time if there are many extent files. [#27864]

Patchnames

SUSE-SLE-Micro-6.0-118

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for libdb-4_8",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for libdb-4_8 fixes the following issues:\n\nCVE-2019-2708: Fixed data store execution leading to partial DoS (bsc#1174414)\n\nChanges:\n\n* libdb: Data store execution leads to partial DoS\n* Backport the upsteam commits:\n\n  - Fixed several possible crashes when running db_verify\n    on a corrupted database. [#27864]\n  - Fixed several possible hangs when running db_verify\n    on a corrupted database. [#27864]\n  - Added a warning message when attempting to verify a queue\n    database which has many extent files. Verification will take\n    a long time if there are many extent files. [#27864]\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Micro-6.0-118",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20067-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:20067-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520067-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:20067-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021289.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1174414",
        "url": "https://bugzilla.suse.com/1174414"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-2708 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-2708/"
      }
    ],
    "title": "Security update for libdb-4_8",
    "tracking": {
      "current_release_date": "2025-02-03T09:01:29Z",
      "generator": {
        "date": "2025-02-03T09:01:29Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:20067-1",
      "initial_release_date": "2025-02-03T09:01:29Z",
      "revision_history": [
        {
          "date": "2025-02-03T09:01:29Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libdb-4_8-4.8.30-7.1.aarch64",
                "product": {
                  "name": "libdb-4_8-4.8.30-7.1.aarch64",
                  "product_id": "libdb-4_8-4.8.30-7.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libdb-4_8-4.8.30-7.1.s390x",
                "product": {
                  "name": "libdb-4_8-4.8.30-7.1.s390x",
                  "product_id": "libdb-4_8-4.8.30-7.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libdb-4_8-4.8.30-7.1.x86_64",
                "product": {
                  "name": "libdb-4_8-4.8.30-7.1.x86_64",
                  "product_id": "libdb-4_8-4.8.30-7.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.0",
                "product": {
                  "name": "SUSE Linux Micro 6.0",
                  "product_id": "SUSE Linux Micro 6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdb-4_8-4.8.30-7.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.aarch64"
        },
        "product_reference": "libdb-4_8-4.8.30-7.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdb-4_8-4.8.30-7.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.s390x"
        },
        "product_reference": "libdb-4_8-4.8.30-7.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdb-4_8-4.8.30-7.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.x86_64"
        },
        "product_reference": "libdb-4_8-4.8.30-7.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-2708",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-2708"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.aarch64",
          "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.s390x",
          "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-2708",
          "url": "https://www.suse.com/security/cve/CVE-2019-2708"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174414 for CVE-2019-2708",
          "url": "https://bugzilla.suse.com/1174414"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.aarch64",
            "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.s390x",
            "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.aarch64",
            "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.s390x",
            "SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-03T09:01:29Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-2708"
    }
  ]
}

CVE-2019-2708 (GCVE-0-2019-2708)

Vulnerability from cvelistv5

Published

2019-04-23 18:16

Modified

2024-10-02 15:38

Severity ?

CWE

Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store.

Summary

Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

References

►

URL

Tags

	http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQFKX6NKU2DCW5CTCHQSOJJDFVRVTPO6/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Oracle Berkeley DB	Version: unspecified < 6.138 Version: unspecified < 6.2.38 Version: unspecified < 18.1.32

Show details on NVD website