Advisories » MGASA-2014-0203

Updated couchdb packages fix CVE-2014-2668

Publication date: 03 May 2014
Modification date: 03 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2668

Description

Updated couchdb packages fix security vulnerability:

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial
of service (CPU and memory consumption) via the count parameter to /_uuids
(CVE-2014-2668).
                

References

• http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html
• https://bugs.mageia.org/show_bug.cgi?id=13220
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2668

SRPMS

4/core

• couchdb-1.4.0-2.3.mga4

3/core

• couchdb-1.2.1-3.1.mga3