Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-6494

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.

Related bugs and status

CVE-2016-6494 (Candidate) is related to these bugs:

Bug #1761807: [FFe] Bump mongodb to 3.6.X

Summary				In	Importance	Status
	1761807	[FFe] Bump mongodb to 3.6.X		mongodb (Ubuntu)	High	Fix Released
	1761807	[FFe] Bump mongodb to 3.6.X		mongo-tools (Ubuntu)	Undecided	Fix Released

Bug #1800780: Provide updated MongoDB package

Summary				In	Importance	Status
	1800780	Provide updated MongoDB package		Mirantis OpenStack	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016072...
MLIST: [oss-security] 2016072...
CONFIRM: https://bugs.debian.or...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://github.com/mon...
CONFIRM: https://jira.mongodb.o...
FEDORA: FEDORA-2016-9a8e2bbc04
BID: 92204