From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2013-0040: couchdb-1.2.1-1.2.mga2 (2/core)
Date: Fri, 8 Feb 2013 15:50:59 +0100
Message-ID: <20130208145059.GA4408@valstar.mageia.org>
MGASA-2013-0040
Date: February 8th, 2013
Affected releases: 2
Media: Core
Description:
Updated couchdb packages fix security vulnerabilities:
A security flaw was found in the way Apache CouchDB, a distributed,
fault-tolerant and schema-free document-oriented database accessible via a
RESTful HTTP/JSON API, processed certain JSON callbacks. A remote attacker
could provide a specially crafted JSON callback that, when processed, could
lead to arbitrary JSON code execution via Adobe Flash (CVE-2012-5649).
A DOM-based cross-site scripting (XSS) flaw was found in the way the
browser-based test suite of Apache CouchDB, a distributed, fault-tolerant and
schema-free document-oriented database accessible via a RESTful HTTP/JSON
API, processed certain query parameters. A remote attacker could provide a
specially crafted web page that, when accessed, could lead to arbitrary web
script or HTML execution in the context of a CouchDB user session
(CVE-2012-5650).
Updated Packages:
i586:
couchdb-1.2.1-1.2.mga2.i586.rpm
couchdb-bin-1.2.1-1.2.mga2.i586.rpm
couchdb-debug-1.2.1-1.2.mga2.i586.rpm
x86_64:
couchdb-1.2.1-1.2.mga2.x86_64.rpm
couchdb-bin-1.2.1-1.2.mga2.x86_64.rpm
couchdb-debug-1.2.1-1.2.mga2.x86_64.rpm
SRPMS:
couchdb-1.2.1-1.2.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5650
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=8973
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...