| |||||||||||||||||||
Mageia alert MGASA-2013-0040 (couchdb)
MGASA-2013-0040 Date: February 8th, 2013 Affected releases: 2 Media: Core Description: Updated couchdb packages fix security vulnerabilities: A security flaw was found in the way Apache CouchDB, a distributed,fault- tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain JSON callback. A remote attacker could provide a specially-crafted JSON callback that, when processed could lead to arbitrary JSON code execution via Adobe Flash (CVE-2012-5649). A DOM based cross-site scripting (XSS) flaw was found in the way browser- based test suite of Apache CouchDB, a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain query parameters. A remote attacker could provide a specially-crafted web page that, when accessed could lead to arbitrary web script or HTML execution in the context of a CouchDB user session (CVE-2012-5650). Updated Packages: i586: couchdb-1.2.1-1.2.mga2.i586.rpm couchdb-bin-1.2.1-1.2.mga2.i586.rpm couchdb-debug-1.2.1-1.2.mga2.i586.rpm x86_64: couchdb-1.2.1-1.2.mga2.x86_64.rpm couchdb-bin-1.2.1-1.2.mga2.x86_64.rpm couchdb-debug-1.2.1-1.2.mga2.x86_64.rpm SRPMS: couchdb-1.2.1-1.2.mga2.src.rpm References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5650 http://lists.fedoraproject.org/pipermail/package-announce... https://bugs.mageia.org/show_bug.cgi?id=8973 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-... (Log in to post comments)
|
|||||||||||||||||||