Debian has issued an advisory on June 10:
http://www.debian.org/security/2013/dsa-2705

It looks like the issue is fixed upstream in 2.5.2.

Mageia 3 is also affected.
Whiteboard: (none) => MGA3TOO
Fixed in cauldron.
Indeed, I missed that. Fixed in python-pymongo-2.5.2-1.mga4 in Cauldron.
Version: Cauldron => 3
Whiteboard: MGA3TOO => (none)
I applied the patch linked at the bottom of this page:
https://security-tracker.debian.org/tracker/CVE-2013-2132

It's actually the first of 4 commits mentioned on the upstream bug:
https://jira.mongodb.org/browse/PYTHON-532

So hopefully the one patch is sufficient. We can update to 2.5.2 if anyone thinks that's more appropriate.

Note to QA: reproducers in the second comment on the upstream bug.

Advisory:
========================

Updated python-pymongo packages fix security vulnerability:

PyMongo before 2.5.2 is prone to a denial-of-service vulnerability. An attacker can remotely trigger a NULL pointer dereference causing MongoDB to crash (CVE-2013-2132).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2132
http://www.debian.org/security/2013/dsa-2705
========================

Updated packages in core/updates_testing:
========================
python-pymongo-2.5-1.1.mga3
python-pymongo-gridfs-2.5-1.1.mga3
python-bson-2.5-1.1.mga3

from python-pymongo-2.5-1.1.mga3.src.rpm
CC: (none) => guillomovitch
Assignee: guillomovitch => qa-bugs
Testing complete mga3 64

# urpmi mongodb mongodb-server
# service mongod start

$ mongo
MongoDB shell version: 2.2.2
connecting to: test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
> db.python532.insert({x : {"$ref" : "whatever"} });

Before
------
$ idle
Python 2.7.3 (default, Jan 13 2013, 20:09:12)
[GCC 4.7.2] on linux2
Type "copyright", "credits" or "license()" for more information.
>>> import pymongo
>>> pymongo.MongoClient().test.python532.find_one()
>>> ================================ RESTART ================================
>>>

After
-----
$ idle
Python 2.7.3 (default, Jan 13 2013, 20:09:12)
[GCC 4.7.2] on linux2
Type "copyright", "credits" or "license()" for more information.
>>> import pymongo
>>> pymongo.MongoClient().test.python532.find_one()
{u'x': DBRef(u'whatever', None), u'_id': ObjectId('51d2d0e6046554d4cf9caf66')}
>>>
Whiteboard: (none) => has_procedure mga3-64-ok
Testing complete mga3 32

Using python interactively..

Before
------
$ python
Python 2.7.3 (default, Jan 13 2013, 20:10:21)
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pymongo
>>> pymongo.MongoClient().test.python532.find_one()
Segmentation fault

After
-----
$ python
Python 2.7.3 (default, Jan 13 2013, 20:10:21)
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pymongo
>>> pymongo.MongoClient().test.python532.find_one()
{u'x': DBRef(u'whatever', None), u'_id': ObjectId('51d2d5b890a3ef1f5962359b')}
>>>
Whiteboard: has_procedure mga3-64-ok => has_procedure mga3-64-ok mga3-32-ok
Bug 10679 created for a mongodb bug found while removing mongodb-server
Validating. Advisory from comment 3 uploaded.

Could sysadmin please push from 3 core/updates_testing to core/updates?

Thanks
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2013-0201.html
Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
CC: boklm => (none)
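
The reproducer in the QA comments above stores a subdocument that has "$ref" but no "$id". As an added example (not part of this bug report and not PyMongo code), the following scans already-decoded documents, for instance from a JSON export or read through a patched client, for that shape. The function names and the sample documents are constructed for illustration.

```python
# Added example, not from the bug report or the PyMongo project.
# Flags DBRef-shaped subdocuments that carry "$ref" but no "$id", the
# shape used by the reproducer quoted in the QA comments.


def find_incomplete_dbrefs(doc, path=""):
    """Return dotted paths of subdocuments with "$ref" but without "$id"."""
    hits = []
    if isinstance(doc, dict):
        if "$ref" in doc and "$id" not in doc:
            hits.append(path or "<root>")
        for key, value in doc.items():
            child = "%s.%s" % (path, key) if path else str(key)
            hits.extend(find_incomplete_dbrefs(value, child))
    elif isinstance(doc, (list, tuple)):
        for index, value in enumerate(doc):
            child = "%s.%d" % (path, index) if path else str(index)
            hits.extend(find_incomplete_dbrefs(value, child))
    return hits


def audit(documents):
    """Map each document's _id (or its position) to the offending paths."""
    report = {}
    for position, doc in enumerate(documents):
        hits = find_incomplete_dbrefs(doc)
        if hits:
            report[doc.get("_id", "#%d" % position)] = hits
    return report


# Constructed sample documents, as they would appear in a JSON export.
SAMPLE = [
    {"_id": 1, "x": {"$ref": "whatever"}},            # reproducer shape
    {"_id": 2, "x": {"$ref": "users", "$id": 42}},    # well-formed DBRef
    {"_id": 3, "items": [{"ok": 1}, {"owner": {"$ref": "users"}}]},
    {"_id": 4, "note": "$ref"},                       # a value, not a key
]

if __name__ == "__main__":
    for doc_id, paths in sorted(audit(SAMPLE).items()):
        print("document %r: incomplete DBRef at %s" % (doc_id, ", ".join(paths)))
```

Documents it reports are candidates for cleanup or for rejection at write time; it does not replace installing the fixed packages.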