Amazon Linux 1 Security Advisory: ALAS-2023-1726
Advisory Release Date: 2023-03-30 22:50 Pacific
Advisory Updated Date: 2023-04-05 20:22 Pacific
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory. (CVE-2017-10140)
Affected Packages:
db4
Issue Correction:
Run yum update db4 to update your system.
i686:
db4-debuginfo-4.7.25-22.13.amzn1.i686
db4-cxx-4.7.25-22.13.amzn1.i686
db4-4.7.25-22.13.amzn1.i686
db4-devel-static-4.7.25-22.13.amzn1.i686
db4-utils-4.7.25-22.13.amzn1.i686
db4-devel-4.7.25-22.13.amzn1.i686
db4-tcl-4.7.25-22.13.amzn1.i686
db4-java-4.7.25-22.13.amzn1.i686
src:
db4-4.7.25-22.13.amzn1.src
x86_64:
db4-devel-static-4.7.25-22.13.amzn1.x86_64
db4-utils-4.7.25-22.13.amzn1.x86_64
db4-4.7.25-22.13.amzn1.x86_64
db4-devel-4.7.25-22.13.amzn1.x86_64
db4-debuginfo-4.7.25-22.13.amzn1.x86_64
db4-tcl-4.7.25-22.13.amzn1.x86_64
db4-java-4.7.25-22.13.amzn1.x86_64
db4-cxx-4.7.25-22.13.amzn1.x86_64