CVE-2017-10140

Name	CVE-2017-10140
Description	Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1135-1, DLA-1136-1, DLA-1137-1
Debian Bugs	872436

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
db5.3 (PTS)	bullseye	5.3.28+dfsg1-0.8	fixed
	bookworm	5.3.28+dfsg2-1	fixed
	sid, trixie	5.3.28+dfsg2-9	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
db	source	wheezy	5.1.29-5+deb7u1	DLA-1135-1
db	source	jessie	5.1.29-9+deb8u1
db	source	(unstable)	(unfixed)
db4.0	source	(unstable)	(unfixed)
db4.1	source	(unstable)	(unfixed)
db4.2	source	(unstable)	(unfixed)
db4.3	source	(unstable)	(unfixed)
db4.4	source	(unstable)	(unfixed)
db4.5	source	(unstable)	(unfixed)
db4.6	source	(unstable)	(unfixed)
db4.7	source	wheezy	4.7.25-21+deb7u1	DLA-1137-1
db4.7	source	(unstable)	(unfixed)
db4.8	source	wheezy	4.8.30-12+deb7u1	DLA-1136-1
db4.8	source	(unstable)	(unfixed)
db5.1	source	(unstable)	(unfixed)
db5.2	source	(unstable)	(unfixed)
db5.3	source	jessie	5.3.28-9+deb8u1
db5.3	source	stretch	5.3.28-12+deb9u1
db5.3	source	(unstable)	5.3.28-13.1		872436

Notes

https://www.openwall.com/lists/oss-security/2017/08/12/1
Patch as used in Fedora: https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
and is acknowledged by libdb upstream, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9