Key vulnerability information

Topic: Information leak in db(3)
Category: core
Module: libc
Announced: 2009-04-22
Credited: Jaakko Heinonen, Xin Li
Affects: All supported versions of FreeBSD
Corrected: 2009-04-22 UTC

Problem Description: Some data structures used by the database interface code are not properly initialized when allocated.

Impact: Programs using the db(3) interface to create Berkeley database files may "leak" sensitive information into database files. If these files can be read by other users, this may result in the disclosure of sensitive information such as login credentials.

Solution: Upgrade your vulnerable system to 6-STABLE, 7-STABLE, or to the RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. Apply the patch for your current system by following the instructions.

Revision Details: Includes the CVS and Subversion revision numbers of each file that was corrected in FreeBSD.
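The bug class named in the Problem Description, shown as an added illustration; this is not the FreeBSD libc code or its patch. The function names, the 64-byte page size and the sample strings are assumptions, and the stale heap contents are simulated by pre-filling a buffer so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 64  /* constructed size, far smaller than a real db page */

/* Before: only the record bytes are written; the rest of the page keeps
 * whatever the recycled buffer held and would be written to the file. */
static void fill_page_unsafe(unsigned char *page, const char *rec, size_t len)
{
    memcpy(page, rec, len);
}

/* After: clear the whole page first, so the slack space is all zeros. */
static void fill_page_safe(unsigned char *page, const char *rec, size_t len)
{
    memset(page, 0, PAGE_SIZE);
    memcpy(page, rec, len);
}

/* Binary-safe search: pages may contain NUL bytes, so strstr is unusable. */
static int page_contains(const unsigned char *page, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= PAGE_SIZE; i++)
        if (memcmp(page + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Simulate a recycled buffer that earlier held a credential (constructed
 * value), build a page in it, and report whether the credential survives. */
static int leaks_secret(int use_safe)
{
    unsigned char page[PAGE_SIZE];
    const char *secret = "hunter2-constructed";
    const char *rec = "key=value";
    memset(page, 'A', PAGE_SIZE);
    memcpy(page + 32, secret, strlen(secret));   /* stale contents */
    (use_safe ? fill_page_safe : fill_page_unsafe)(page, rec, strlen(rec));
    return page_contains(page, secret);
}

int main(void)
{
    printf("unsafe page leaks secret: %d\n", leaks_secret(0));
    printf("safe page leaks secret:   %d\n", leaks_secret(1));
    return 0;
}
```

The same binary-safe search is a reasonable way to check existing world-readable database files for strings that should never have been stored in them.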