DSA-2107-1 couchdb -- untrusted search pathID: oval:org.secpod.oval:def:600020 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Dan Rosenberg discovered that in couchdb, a distributed, fault-tolerant and schema-free document-oriented database, an insecure library search path is used; a local attacker could execute arbitrary code by first dumping a maliciously crafted shared library in some directory, and then having an administrator run couchdb from this same directory. For the stable distribution , this problem has been fixed in version 0.8.0-2+lenny1. We recommend that you upgrade your couchdb package.