Bug 29548 - couchdb new security issue CVE-2021-38295
Summary: couchdb new security issue CVE-2021-38295
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-12 22:12 CEST by David Walser
Modified: 2021-10-14 09:42 CEST

See Also:
Source RPM: couchdb-3.1.1-1.mga8.src.rpm
CVE: CVE-2021-38295
Status comment:


Description David Walser 2021-10-12 22:12:46 CEST
Apache has issued an advisory today (October 12):
https://www.openwall.com/lists/oss-security/2021/10/12/2

The issue is fixed upstream in 3.1.2 and 3.2.0.

Mageia 8 is also affected.
David Walser 2021-10-12 22:12:59 CEST

Status comment: (none) => Fixed upstream in 3.1.2
Whiteboard: (none) => MGA8TOO

Comment 1 Marja Van Waes 2021-10-13 22:14:07 CEST
No registered maintainer, unfortunately

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2021-10-14 09:42:54 CEST
Suggested advisory:
========================

The updated package fixes a security vulnerability:

Privilege escalation that allows an attacker to add or remove data in any database or make configuration changes. (CVE-2021-38295)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38295
https://www.openwall.com/lists/oss-security/2021/10/12/2
========================

Updated package in core/updates_testing:
========================
couchdb-3.1.2-1.mga8

from SRPM:
couchdb-3.1.2-1.mga8.src.rpm

Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 3.1.2 => (none)
CVE: (none) => CVE-2021-38295
Source RPM: couchdb-3.1.1-2.mga9.src.rpm => couchdb-3.1.1-1.mga8.src.rpm
Version: Cauldron => 8
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED

