(RHSA-2014:0230) Moderate: mongodb security update

2014-03-0400:00:00

access.redhat.com

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.014 Low

EPSS

Percentile

84.5%

JSON

MongoDB is a NoSQL database.

A buffer over-read flaw was found in the way MongoDB handled BSON data.
A database user permitted to insert BSON data into a MongoDB server could
use this flaw to read server memory, potentially disclosing sensitive data.
(CVE-2012-6619)

All mongodb users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64mongodb< 2.2.4-4.el6ostmongodb-2.2.4-4.el6ost.x86_64.rpm
RedHat6x86_64mongodb-debuginfo< 2.2.4-4.el6ostmongodb-debuginfo-2.2.4-4.el6ost.x86_64.rpm
RedHat6srcmongodb< 2.2.4-4.el6ostmongodb-2.2.4-4.el6ost.src.rpm
RedHat6x86_64libmongodb< 2.2.4-4.el6ostlibmongodb-2.2.4-4.el6ost.x86_64.rpm
RedHat6x86_64mongodb-server< 2.2.4-4.el6ostmongodb-server-2.2.4-4.el6ost.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	x86_64	mongodb	< 2.2.4-4.el6ost	mongodb-2.2.4-4.el6ost.x86_64.rpm
RedHat	6	x86_64	mongodb-debuginfo	< 2.2.4-4.el6ost	mongodb-debuginfo-2.2.4-4.el6ost.x86_64.rpm
RedHat	6	src	mongodb	< 2.2.4-4.el6ost	mongodb-2.2.4-4.el6ost.src.rpm
RedHat	6	x86_64	libmongodb	< 2.2.4-4.el6ost	libmongodb-2.2.4-4.el6ost.x86_64.rpm
RedHat	6	x86_64	mongodb-server	< 2.2.4-4.el6ost	mongodb-server-2.2.4-4.el6ost.x86_64.rpm