GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat Dec 15, 2018 8:26 pm Post subject: [ GLSA 201812-06 ] CouchDB |
|
|
Gentoo Linux Security Advisory
Title: CouchDB: Multiple vulnerabilities (GLSA 201812-06)
Severity: normal
Exploitable: remote
Date: 2018-12-15
Bug(s): #630796, #660908, #663164
ID: 201812-06
Synopsis
Multiple vulnerabilities have been found in CouchDB, the worst of
which could lead to the remote execution of code.
Background
Apache CouchDB is a distributed, fault-tolerant and schema-free
document-oriented database.
Affected Packages
Package: dev-db/couchdb
Vulnerable: <= 2.1.2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in CouchDB. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could execute arbitrary code or escalate privileges.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for CouchDB and recommends that users
unmerge the package:
Code: | # emerge --unmerge "dev-db/couchdb"
|
References
CVE-2018-11769
CVE-2018-8007 |
|