A vulnerability has been found and corrected in nss_db: The Free Software Foundation Berkeley DB NSS module 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module . The updated packages have been patched to correct this issue.