
Gentoo Linux Security Advisory GLSA 201711-16

https://security.gentoo.org/

Severity: Normal

Title: CouchDB: Multiple vulnerabilities

Date: November 19, 2017

Bugs: #637516

ID: 201711-16



Synopsis

Multiple vulnerabilities have been found in CouchDB, the worst of which
could lead to the remote execution of arbitrary shell commands.



Background

Apache CouchDB is a distributed, fault-tolerant and schema-free
document-oriented database.



Affected packages

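     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/couchdb               < 1.7.1                    >= 1.7.1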



Description

Multiple vulnerabilities have been discovered in CouchDB. Please review
the CVE identifiers referenced below for details.



Impact

A remote attacker could execute arbitrary shell commands or escalate
privileges.



Workaround

There is no known workaround at this time.



Resolution

All CouchDB users should upgrade to the latest version:



  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/couchdb-1.7.1"



References

[ 1 ] CVE-2017-12635
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12635
[ 2 ] CVE-2017-12636
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12636



Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201711-16



Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.



License

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

