-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : mongodb Version : 2.0.6-1+deb7u1 CVE ID : CVE-2016-6494 Debian Bug : 832908, 833087
Two security related problems have been found in the mongodb package, related to logging. CVE-2016-6494 World-readable .dbshell history file TEMP-0833087-C5410D Bruteforcable challenge responses in unprotected logfile For Debian 7 "Wheezy", these problems have been fixed in version 2.0.6-1+deb7u1. We recommend that you upgrade your mongodb packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- --------------------- Ola Lundqvist --------------------------- / o...@debian.org Folkebogatan 26 \ | o...@inguza.com 654 68 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26 0A6A 5E90 DCFA 9426 876F / --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJXqFZDAAoJEF6Q3PqUJodvU9QP/1uVCFMe7nW4vYgMCQC9LgF3 IW4K/9vU2xdgx1OF2w8ntxr5pmzOwsxtEtOCahzQXIiJgM1GM4JYaDD819EuNoO+ mm0W4jERFv/BSaUdL/Kkd4VWxIQ33tarolMqXJt+7nwxh2IQOjJxmJyfNGBgoEAB hPZiRa5lXTyIDOM/ImQFE8o9Nem+epQL2/4FOA/oys5Uop4Y/JFnjTtjEhvgRmCf YpjZsvNeMyhoEiOuzBvES8Er2xcMczis/KJXqL4Gj+6E10B7t0FelNtf0JWEL2gd NFGCf8iZ/71cQ3JRnPZPWXLTj3RLJ7zjU6ul5VHQNWl7FEJ98BnwZr4x0PfnJ/lj sg+a4ByYOqOdEFZ1oqogZvfQdmis8uxxRWIU8/s0hpOMh07nmekka40YA9OEsy0X B6//t/P1+Ppli3yUwu/jsfgg+4/SbYzx5HjOKH50P1GGADsCg4/vnpaQz2wzsGzJ 8jb/2ZjcSDzHIg9kyR6FBqbr4hnLj0YH75lqbuJwIbglbJ577BZEYFy6COl5y5JK qnIkYpSkqkmUu8HVdmdEbPFoZnQbIXrOFN04AYwEYAXzWEW16vIR1p4kQfFR02TE IN9qAHCf7dHSv9GQvTiPxCRJwjU9Oq+7g1htBODyjkN0BZIMgONIDZsqaisActcP FG14M0/DMQwS8Vlc5afW =0Jbk -----END PGP SIGNATURE-----