Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 506354 (CVE-2014-2668) - <dev-db/couchdb-1.5.1: remote denial of service flaw (CVE-2014-2668)
Summary: <dev-db/couchdb-1.5.1: remote denial of service flaw (CVE-2014-2668)
Status: RESOLVED FIXED
Alias: CVE-2014-2668
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-31 09:44 UTC by Agostino Sarubbo
Modified: 2014-12-13 17:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-03-31 09:44:27 UTC
From ${URL} :

Common Vulnerabilities and Exposures assigned an identifier CVE-2014-2668 to
the following vulnerability:

Name: CVE-2014-2668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2668
Assigned: 20140328
Reference: EXPLOIT-DB:32519
Reference: http://www.exploit-db.com/exploits/32519
Reference: http://www.securityfocus.com/bid/66474
Reference: SECUNIA:57572
Reference: http://secunia.com/advisories/57572

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a
denial of service (CPU and memory consumption) via the count parameter
to /_uuids.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Dirkjan Ochtman gentoo-dev 2014-03-31 09:48:09 UTC
Yeah, 1.5.1 is forthcoming.
Comment 2 Mira Ressel 2014-06-04 17:23:39 UTC
Ping. Dirkjan, I guess you forgot this. The bump is a trivial rename-only one.
Comment 3 Dirkjan Ochtman gentoo-dev 2014-06-05 08:11:41 UTC
I've added 1.5.1 now, thanks Luis for reminding me.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2014-06-05 18:04:50 UTC
Stable time?
Comment 5 Dirkjan Ochtman gentoo-dev 2014-06-05 20:14:42 UTC
Yes, please.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2014-06-05 21:24:48 UTC
Arches, please test and mark stable:

=dev-db/couchdb-1.5.1

Target Keywords : "amd64 ppc x86"

Thank you!
Comment 7 Agostino Sarubbo gentoo-dev 2014-06-08 09:39:07 UTC
amd64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-06-08 10:53:31 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-06-08 10:55:39 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 10 Dirkjan Ochtman gentoo-dev 2014-06-08 13:01:09 UTC
Cleanup done.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-06-08 13:38:41 UTC
CVE-2014-2668 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2668):
  Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial
  of service (CPU and memory consumption) via the count parameter to /_uuids.
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2014-06-10 01:37:49 UTC
Maintainer(s), Thank you for cleanup!

GLSA VOTE: YES
Comment 13 Tobias Heinlein (RETIRED) gentoo-dev 2014-08-04 19:23:51 UTC
YES too, request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2014-12-13 17:52:49 UTC
This issue was resolved and addressed in
 GLSA 201412-16 at http://security.gentoo.org/glsa/glsa-201412-16.xml
by GLSA coordinator Sean Amoss (ackle).