[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DLA 588-2] mongodb security update



Em Terça-feira, 9 de Agosto de 2016 16:18, Ola Lundqvist <opal@debian.org> escreveu:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : mongodb
Version        : 2.0.6-1+deb7u1
CVE ID        : CVE-2016-6494
Debian Bug    : 832908, 833087

This is an update of DLA-558-1. The previous build had
revision number that was considered lower than the one
in wheezy and was therefore not installed at upgrade.

The text for DLA-558-1 is included here for reference
(with some improvement).

Two security related problems have been found in the mongodb
package, both related to logging.

CVE-2016-6494
  World-readable .dbshell history file

Debian Bug 833087
  Bruteforcable challenge responses in unprotected logfile

For Debian 7 "Wheezy", these problems have been fixed in version
2.0.6-1.1+deb7u1.

We recommend that you upgrade your mongodb packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --
--------------------- Ola Lundqvist ---------------------------
opal@debian.org                    Folkebogatan 26          \
ola@inguza.com                      654 68 KARLSTAD          |
http://inguza.com/                 +46 (0)70-332 1551      |
\  gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26  0A6A 5E90 DCFA 9426 876F /
---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJXqjqGAAoJEF6Q3PqUJodvFS0P/0EgWrSsCACt/vHc0H5fpfh8
kmINtfQjHXp3bTd5UqFHdHnB+gfPyNkK2jKQg35eXKofqfzHhaTExfFEYS5g/6eh
w4mCrIhhf90zVPh/I2VPbX3INZKPF2dbRx/9TlvrIGCk8pTi3ik+Od8WpXU/yd+d
x+oLk+KYSy+i9zshQ/hUoGdoe9+Bom2PokPnue+a7QDItYx9NC1RTfjRi2UOJUoy
n/tFRieERY1n1mHYQh/RJQicoHLYioH6N0z0s2cDhpLTbpqIxFQKV8w7jASuO/7K
fCvx4o6OTgK+8nOrh21lxCyRCTNPj+VATBAxr1e6Am4+sEuwPpviTQJ0pljYuCY9
AmTV/ZnrtEHJ7T5DlB+GTNU0AtwjlFGAGy6adQ9lrGd5Fj4P3InqBCfLYfLqcFzz
7RDjBo3hJybzjTzG4+dgpIqzT0fdmSW8am49Uo/C3UHWnPM7OUk5RYdYABuO8h/z
Ae+wvii6XC9SLsfXahxSJtU73GD8YEtvxGT3p0Aw3dPWWhS9ZcPFtmRI7H1g1pMN
TRErfL5NztnVRx1rDus+XFiqYJhENcdn8wY4cr6THvVzkrgGDQY7YdJaawbjDk2g
i/MGtFfukeRMEBaEkjT60vHrXyoGKWFYE15irm1bnP3QtgYWpCs4shmc6HHWYKZ3
wr3B3W/2P/d4uO+WbkFo
=p0ii
-----END PGP SIGNATURE-----



Reply to: