COMMAND

    Berkeley DB problem

SYSTEMS AFFECTED

   Linux Slackware 3.2, 3.3, 3.4

PROBLEM

    Martin Bene found the following potential problem with Berkeley DB
    1.85 as distributed with all versions of Slackware Linux (fixed in
    Slackware 3.5 as of 07.14.98):

    libdb.so.1.85.4 defines snprintf and vsnprintf as calls to normal
    sprintf and vsprintf. This means that if you link any program
    against this lib and aren't careful about library linking order,
    you'll override the working functions from libc with the dummy
    definitions from libdb and thus end up with a broken (v)snprintf
    that ignores the size argument.

    Your programs will be vulnerable to buffer overflows even though
    they are correctly coded to avoid them.
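
    The check below is an added example, not code from the advisory or
    from libdb: it tests at run time whether the snprintf a program was
    actually linked against keeps to the size it is given.
    dummy_snprintf is a constructed stand-in for the behaviour described
    above, and honors_bound is a hypothetical helper name.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*snprintf_fn)(char *, size_t, const char *, ...);

/* Constructed stand-in for the behaviour described above (not libdb's
 * source): the size argument is dropped and plain vsprintf is called. */
static int dummy_snprintf(char *s, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;

    (void)n;                      /* bound silently ignored */
    va_start(ap, fmt);
    r = vsprintf(s, fmt, ap);
    va_end(ap);
    return r;
}

/* Returns 1 if fn stays within the size it is given, 0 if it writes past
 * it. The scratch buffer is much larger than the claimed limit, so even an
 * unbounded implementation cannot write outside buf during the probe. */
static int honors_bound(snprintf_fn fn)
{
    char buf[64];
    size_t i, limit = 8;

    memset(buf, 0x5A, sizeof buf);                  /* canary fill */
    fn(buf, limit, "%s", "0123456789ABCDEFGHIJ");   /* 20 chars + NUL */

    for (i = limit; i < sizeof buf; i++)
        if ((unsigned char)buf[i] != 0x5A)
            return 0;                               /* wrote past limit */
    return buf[limit - 1] == '\0';                  /* truncated, terminated */
}

int main(void)
{
    int ok = honors_bound(snprintf);

    printf("snprintf as linked: %s\n", ok ? "bounded" : "UNBOUNDED");
    printf("dummy stand-in:     %s\n",
           honors_bound(dummy_snprintf) ? "bounded" : "UNBOUNDED");
    return ok ? 0 : 1;            /* non-zero exit if the linked one is broken */
}
```

    Built with the same libraries and link order as the real program,
    a non-zero exit means the snprintf that was resolved does not
    enforce its bound.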

SOLUTION

    This was fixed in Slackware 3.5 as of 07.14.98.