[SECURITY] [DLA 588-1] mongodb security update

To: debian-lts-announce@lists.debian.org
Cc: ola@inguza.com
Subject: [SECURITY] [DLA 588-1] mongodb security update
From: Ola Lundqvist <opal@debian.org>
Date: Mon, 8 Aug 2016 11:52:03 +0200
Message-id: <[🔎] 20160808095203.GA18755@inguza.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : mongodb
Version        : 2.0.6-1+deb7u1
CVE ID         : CVE-2016-6494
Debian Bug     : 832908, 833087

Two security related problems have been found in the mongodb
package, related to logging.

CVE-2016-6494
  World-readable .dbshell history file

TEMP-0833087-C5410D
  Bruteforcable challenge responses in unprotected logfile

For Debian 7 "Wheezy", these problems have been fixed in version
2.0.6-1+deb7u1.

We recommend that you upgrade your mongodb packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Folkebogatan 26          \
|  ola@inguza.com                      654 68 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26  0A6A 5E90 DCFA 9426 876F /
 ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJXqFZDAAoJEF6Q3PqUJodvU9QP/1uVCFMe7nW4vYgMCQC9LgF3
IW4K/9vU2xdgx1OF2w8ntxr5pmzOwsxtEtOCahzQXIiJgM1GM4JYaDD819EuNoO+
mm0W4jERFv/BSaUdL/Kkd4VWxIQ33tarolMqXJt+7nwxh2IQOjJxmJyfNGBgoEAB
hPZiRa5lXTyIDOM/ImQFE8o9Nem+epQL2/4FOA/oys5Uop4Y/JFnjTtjEhvgRmCf
YpjZsvNeMyhoEiOuzBvES8Er2xcMczis/KJXqL4Gj+6E10B7t0FelNtf0JWEL2gd
NFGCf8iZ/71cQ3JRnPZPWXLTj3RLJ7zjU6ul5VHQNWl7FEJ98BnwZr4x0PfnJ/lj
sg+a4ByYOqOdEFZ1oqogZvfQdmis8uxxRWIU8/s0hpOMh07nmekka40YA9OEsy0X
B6//t/P1+Ppli3yUwu/jsfgg+4/SbYzx5HjOKH50P1GGADsCg4/vnpaQz2wzsGzJ
8jb/2ZjcSDzHIg9kyR6FBqbr4hnLj0YH75lqbuJwIbglbJ577BZEYFy6COl5y5JK
qnIkYpSkqkmUu8HVdmdEbPFoZnQbIXrOFN04AYwEYAXzWEW16vIR1p4kQfFR02TE
IN9qAHCf7dHSv9GQvTiPxCRJwjU9Oq+7g1htBODyjkN0BZIMgONIDZsqaisActcP
FG14M0/DMQwS8Vlc5afW
=0Jbk
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] default-java switch to OpenJDK 7 - Icedtea plugin
Next by Date: [SECURITY] [DLA 589-1] mupdf security update
Previous by thread: [SECURITY] default-java switch to OpenJDK 7 - Icedtea plugin
Next by thread: [SECURITY] [DLA 589-1] mupdf security update
Index(es):
- Date
- Thread