Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store.

References:
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Created libdb tracking bugs for this issue:
Affects: fedora-all [bug 1853243]

Created libdb4 tracking bugs for this issue:
Affects: fedora-all [bug 1853244]
Created libdb4 tracking bugs for this issue:
Affects: epel-7 [bug 1853258]
Created attachment 1700770 [details]
Patch between db-18.1.40 and db-18.1.32

This is the patch between db-18.1.40 and db-18.1.32
https://bugzilla.redhat.com/attachment.cgi?id=1700770&action=diff, as per Oracle, addresses the following:

Fixed several possible crashes when running db_verify on a corrupted database. [#27864]
Fixed several possible hangs when running db_verify on a corrupted database. [#27864]
Added a warning message when attempting to verify a queue database which has many extent files. Verification will take a long time if there are many extent files. [#27864]
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2021:1675 https://access.redhat.com/errata/RHSA-2021:1675
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-2708