Advisories » MGASA-2015-0130

Updated mongodb packages fix security vulnerabilities

Publication date: 03 Apr 2015
Modification date: 03 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1609

Description

Updated mongodb packages fix security vulnerability:

It was found that the mongod server did not correctly validate certain
malformed BSON requests. A remote, unauthenticated  attacker could use a
specially crafted BSON message to crash a mongod server (CVE-2015-1609).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15591
• https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153690.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1609

SRPMS

4/core

• mongodb-2.4.6-2.2.mga4