Users of New couchdb package please be advised of fixes arbitrary code execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
DSA 2107-1: [DSA 2107-1] New couchdb package fixes arbitrary code execution
Dan Rosenberg discovered that in couchdb, a distributed,
fault-tolerant and schema-free document-oriented database, an insecure
library search path is used; a local attacker could execute arbitrary
code by first dumping a maliciously crafted shared library in some
directory, and then having an administrator run couchdb from this same
directory.Read more at www.criticalwatch.com
See this Amp at http://bit.ly/9ips8k
No comments:
Post a Comment