- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: CouchDB: Denial of Service
Date: December 13, 2014
Bugs: #506354
ID: 201412-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
A vulnerability in CouchDB could result in Denial of Service.
Background
=========
Apache CouchDB is a distributed, fault-tolerant and schema-free
document-oriented database.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/couchdb < 1.5.1 >= 1.5.1
Description
==========
CouchDB does not properly sanitize the count parameter for Universally
Unique Identifiers (UUID) requests.
Impact
=====
A remote attacker could send a specially crafted request to CouchDB,
possibly resulting in a Denial of Service condition.
Workaround
=========
The /_uuids handler can be disabled in local.ini with the following
configuration:
[httpd_global_handlers]
_uuids
Resolution
=========
All CouchDB users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/couchdb-1.5.1"
References
=========
[ 1 ] CVE-2014-2668
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2668
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-16.xml
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Gentoo: GLSA-201412-16: CouchDB: Denial of Service
A vulnerability in CouchDB could result in Denial of Service.
Summary
CouchDB does not properly sanitize the count parameter for Universally Unique Identifiers (UUID) requests.
Resolution
All CouchDB users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/couchdb-1.5.1"
References
[ 1 ] CVE-2014-2668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2668
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-16.xml
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Severity
Severity: Normal
Title: CouchDB: Denial of Service
Date: December 13, 2014
Bugs: #506354
ID: 201412-16
Synopsis
A vulnerability in CouchDB could result in Denial of Service.
Background
Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/couchdb < 1.5.1 >= 1.5.1
Impact
===== A remote attacker could send a specially crafted request to CouchDB, possibly resulting in a Denial of Service condition.
Workaround
The /_uuids handler can be disabled in local.ini with the following configuration: [httpd_global_handlers] _uuids
News
HOWTOs
Features
About Us
Powered By
