Apache has issued an advisory today (October 12): https://www.openwall.com/lists/oss-security/2021/10/12/2 The issue is fixed upstream in 3.1.2 and 3.2.0. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 3.1.2
No registered maintainer, unfortunately
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated package fixes a security vulnerability:

Privilege escalation that allows an attacker to add or remove data in any database or make configuration changes. (CVE-2021-38295)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38295
https://www.openwall.com/lists/oss-security/2021/10/12/2
========================

Updated package in core/updates_testing:
========================
couchdb-3.1.2-1.mga8

from SRPM:
couchdb-3.1.2-1.mga8.src.rpm
CC: (none) => nicolas.salguero
Status comment: Fixed upstream in 3.1.2 => (none)
Version: Cauldron => 8
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA8TOO => (none)
Source RPM: couchdb-3.1.1-2.mga9.src.rpm => couchdb-3.1.1-1.mga8.src.rpm
CVE: (none) => CVE-2021-38295
MGA8-64 Plasma on Lenovo B50
No installation issues.
Looking for a way to test this, ref bug 14788 Comment 7, but that link is not valid anymore.
Tried CLI but got:

    $ couchdb
    cat: /usr/bin/../releases/start_erl.data: file or folder does not exist
    /usr/bin/couchdb: regel 47: /usr/bin/../erts-/bin/erlexec:file or folder does not exist

Googled and found https://www.unixmen.com/how-to-install-and-run-couchdb-in-ubuntu-linux-15-04/ but got

    curl localhost:5984
    curl: (7) Failed to connect to localhost port 5984: Connection refused

Opened port 5984 in firewall, nope
Switched off firewall completely: nope
Ping is OK, telnet localhost or telnet localhost 80 is OK (httpd is running) but

    $ telnet localhost 5984
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused
    telnet: Unable to connect to remote host: Connection refused

Running out of ideas.
CC: (none) => herman.viaene
Checked

    # systemctl status couchdb
    ● couchdb.service - CouchDB Server
         Loaded: loaded (/usr/lib/systemd/system/couchdb.service; disabled; vendor preset: disabled)
         Active: inactive (dead)
    # systemctl start couchdb
    # systemctl -l status couchdb
    ● couchdb.service - CouchDB Server
         Loaded: loaded (/usr/lib/systemd/system/couchdb.service; disabled; vendor preset: disabled)
         Active: failed (Result: exit-code) since Mon 2021-10-18 10:48:35 CEST; 39s ago
        Process: 13999 ExecStart=/usr/bin/erl +Bd -noinput -sasl errlog_type error +K true +A 4 -couch_ini /etc/couchdb/default.ini /etc/couchdb/local.ini -s couch -pidfile /var/run/couchdb/couchdb.pid -heart (code=e>
       Main PID: 13999 (code=exited, status=1/FAILURE)
            CPU: 229ms

    okt 18 10:48:35 mach5.hviaene.thuis systemd[1]: couchdb.service: Scheduled restart job, restart counter is at 5.
    okt 18 10:48:35 mach5.hviaene.thuis systemd[1]: Stopped CouchDB Server.
    okt 18 10:48:35 mach5.hviaene.thuis systemd[1]: couchdb.service: Start request repeated too quickly.
    okt 18 10:48:35 mach5.hviaene.thuis systemd[1]: couchdb.service: Failed with result 'exit-code'.
    okt 18 10:48:35 mach5.hviaene.thuis systemd[1]: Failed to start CouchDB Server.

The referred site at the end states:
If service is not responding to port 5984 for any reason, try running “couchdb” command on the terminal, it should start it or at least show you error message with details of why it's failing.
As shown in Comment 3, something might be missing????
I gave up on the erlang problems. Validating based on a clean install of the update over the prior version.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0520.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED