Security update for libdb-4_8 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20067-1 Final 1 1 2025-02-03T09:01:29Z current 2025-02-03T09:01:29Z 2025-02-03T09:01:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libdb-4_8 This update for libdb-4_8 fixes the following issues: CVE-2019-2708: Fixed data store execution leading to partial DoS (bsc#1174414) Changes: * libdb: Data store execution leads to partial DoS * Backport the upsteam commits: - Fixed several possible crashes when running db_verify on a corrupted database. [#27864] - Fixed several possible hangs when running db_verify on a corrupted database. [#27864] - Added a warning message when attempting to verify a queue database which has many extent files. Verification will take a long time if there are many extent files. [#27864] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-118 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520067-1/ Link for SUSE-SU-2025:20067-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021289.html E-Mail link for SUSE-SU-2025:20067-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1174414 SUSE Bug 1174414 https://www.suse.com/security/cve/CVE-2019-2708/ SUSE CVE CVE-2019-2708 page SUSE Linux Micro 6.0 libdb-4_8-4.8.30-7.1 libdb-4_8-4.8.30-7.1 as a component of SUSE Linux Micro 6.0 Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2708 SUSE Linux Micro 6.0:libdb-4_8-4.8.30-7.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520067-1/ https://www.suse.com/security/cve/CVE-2019-2708.html CVE-2019-2708 https://bugzilla.suse.com/1174414 SUSE Bug 1174414