Lucene search

DebianDEBIAN:DLA-588-1:5DFCF

HistoryAug 08, 2016 - 9:52 a.m.

[SECURITY] [DLA 588-1] mongodb security update

2016-08-0809:52:03

lists.debian.org

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Package : mongodb
Version : 2.0.6-1+deb7u1
CVE ID : CVE-2016-6494
Debian Bug : 832908, 833087

Two security related problems have been found in the mongodb
package, related to logging.

CVE-2016-6494
World-readable .dbshell history file

TEMP-0833087-C5410D
Bruteforcable challenge responses in unprotected logfile

For Debian 7 "Wheezy", these problems have been fixed in version
2.0.6-1+deb7u1.

We recommend that you upgrade your mongodb packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------- Ola Lundqvist ---------------------------
/ [email protected] Folkebogatan 26
| [email protected] 654 68 KARLSTAD |
| http://inguza.com/ +46 (0)70-332 1551 |
\ gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26 0A6A 5E90 DCFA 9426 876F /

OSVersionArchitecturePackageVersionFilename
Debian8amd64mongodb-dev< 1:2.4.10-5+deb8u1mongodb-dev_1:2.4.10-5+deb8u1_amd64.deb
Debian8amd64mongodb-server< 1:2.4.10-5+deb8u1mongodb-server_1:2.4.10-5+deb8u1_amd64.deb
Debian8i386mongodb-dev< 1:2.4.10-5+deb8u1mongodb-dev_1:2.4.10-5+deb8u1_i386.deb
Debian7amd64mongodb-server< 1:2.0.6-1+deb7u1mongodb-server_1:2.0.6-1+deb7u1_amd64.deb
Debian8armhfmongodb-dev< 1:2.4.10-5+deb8u1mongodb-dev_1:2.4.10-5+deb8u1_armhf.deb
Debian7amd64mongodb< 1:2.0.6-1+deb7u1mongodb_1:2.0.6-1+deb7u1_amd64.deb
Debian8amd64mongodb-clients< 1:2.4.10-5+deb8u1mongodb-clients_1:2.4.10-5+deb8u1_amd64.deb
Debian7i386mongodb< 1:2.0.6-1+deb7u1mongodb_1:2.0.6-1+deb7u1_i386.deb
Debian8armhfmongodb-server< 1:2.4.10-5+deb8u1mongodb-server_1:2.4.10-5+deb8u1_armhf.deb
Debian7i386mongodb-clients< 1:2.0.6-1+deb7u1mongodb-clients_1:2.0.6-1+deb7u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	amd64	mongodb-dev	< 1:2.4.10-5+deb8u1	mongodb-dev_1:2.4.10-5+deb8u1_amd64.deb
Debian	8	amd64	mongodb-server	< 1:2.4.10-5+deb8u1	mongodb-server_1:2.4.10-5+deb8u1_amd64.deb
Debian	8	i386	mongodb-dev	< 1:2.4.10-5+deb8u1	mongodb-dev_1:2.4.10-5+deb8u1_i386.deb
Debian	7	amd64	mongodb-server	< 1:2.0.6-1+deb7u1	mongodb-server_1:2.0.6-1+deb7u1_amd64.deb
Debian	8	armhf	mongodb-dev	< 1:2.4.10-5+deb8u1	mongodb-dev_1:2.4.10-5+deb8u1_armhf.deb
Debian	7	amd64	mongodb	< 1:2.0.6-1+deb7u1	mongodb_1:2.0.6-1+deb7u1_amd64.deb
Debian	8	amd64	mongodb-clients	< 1:2.4.10-5+deb8u1	mongodb-clients_1:2.4.10-5+deb8u1_amd64.deb
Debian	7	i386	mongodb	< 1:2.0.6-1+deb7u1	mongodb_1:2.0.6-1+deb7u1_i386.deb
Debian	8	armhf	mongodb-server	< 1:2.4.10-5+deb8u1	mongodb-server_1:2.4.10-5+deb8u1_armhf.deb
Debian	7	i386	mongodb-clients	< 1:2.0.6-1+deb7u1	mongodb-clients_1:2.0.6-1+deb7u1_i386.deb