[SECURITY] [DLA 588-2] mongodb security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 588-2] mongodb security update
From: Ola Lundqvist <opal@debian.org>
Date: Tue, 9 Aug 2016 22:18:14 +0200
Message-id: <[🔎] 20160809201814.GA3311@inguza.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : mongodb
Version        : 2.0.6-1+deb7u1
CVE ID         : CVE-2016-6494
Debian Bug     : 832908, 833087

This is an update of DLA-558-1. The previous build had 
revision number that was considered lower than the one
in wheezy and was therefore not installed at upgrade.

The text for DLA-558-1 is included here for reference
(with some improvement).

Two security related problems have been found in the mongodb
package, both related to logging.

CVE-2016-6494
  World-readable .dbshell history file

Debian Bug 833087
  Bruteforcable challenge responses in unprotected logfile

For Debian 7 "Wheezy", these problems have been fixed in version
2.0.6-1.1+deb7u1.

We recommend that you upgrade your mongodb packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Folkebogatan 26          \
|  ola@inguza.com                      654 68 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26  0A6A 5E90 DCFA 9426 876F /
 ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJXqjqGAAoJEF6Q3PqUJodvFS0P/0EgWrSsCACt/vHc0H5fpfh8
kmINtfQjHXp3bTd5UqFHdHnB+gfPyNkK2jKQg35eXKofqfzHhaTExfFEYS5g/6eh
w4mCrIhhf90zVPh/I2VPbX3INZKPF2dbRx/9TlvrIGCk8pTi3ik+Od8WpXU/yd+d
x+oLk+KYSy+i9zshQ/hUoGdoe9+Bom2PokPnue+a7QDItYx9NC1RTfjRi2UOJUoy
n/tFRieERY1n1mHYQh/RJQicoHLYioH6N0z0s2cDhpLTbpqIxFQKV8w7jASuO/7K
fCvx4o6OTgK+8nOrh21lxCyRCTNPj+VATBAxr1e6Am4+sEuwPpviTQJ0pljYuCY9
AmTV/ZnrtEHJ7T5DlB+GTNU0AtwjlFGAGy6adQ9lrGd5Fj4P3InqBCfLYfLqcFzz
7RDjBo3hJybzjTzG4+dgpIqzT0fdmSW8am49Uo/C3UHWnPM7OUk5RYdYABuO8h/z
Ae+wvii6XC9SLsfXahxSJtU73GD8YEtvxGT3p0Aw3dPWWhS9ZcPFtmRI7H1g1pMN
TRErfL5NztnVRx1rDus+XFiqYJhENcdn8wY4cr6THvVzkrgGDQY7YdJaawbjDk2g
i/MGtFfukeRMEBaEkjT60vHrXyoGKWFYE15irm1bnP3QtgYWpCs4shmc6HHWYKZ3
wr3B3W/2P/d4uO+WbkFo
=p0ii
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 587-1] fontconfig security update
Next by Date: [SECURITY] [DLA 592-1] postgresql-9.1 security update
Previous by thread: [SECURITY] [DLA 587-1] fontconfig security update
Next by thread: [SECURITY] [DLA 592-1] postgresql-9.1 security update
Index(es):
- Date
- Thread