Oval Definition: oval:org.opensuse.security:def:60850
Revision Date: 2020-12-01
Version: 1
Title: Security update for couchdb (Moderate)
Description:

This update for couchdb fixes the following security issues:

- CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API (bsc#1100973)
Family: unix
Class: patch
Status:
Reference(s):
1027519
1061305
1061599
1068101
1086598
1087082
1091107
1094301
1100973
1101776
1101777
1101786
1101788
1101791
1101794
1101800
1101802
1101804
1101810
1103276
1106061
1106514
1107116
1107121
1121826
1123161
1125674
1127034
1128977
1130972
1133860
1134297
1134399
1135335
1135365
1137001
1137584
1139358
1139826
1140652
1140903
1140945
1141181
1141401
1141402
1141452
1141453
1141454
1141780
1141782
1141783
1141784
1141785
1141786
1141787
1141789
1142023
1142254
1142857
1143045
1143048
1143189
1143191
1143333
1144257
1144273
1144288
1144920
1145920
1145922
1149496
1152497
1154448
1154456
1154458
1154460
1154461
1154464
1154824
1155945
1156323
1156324
1156326
1156328
1156329
1157888
1158003
1158004
1158005
1158006
1158007
1161951
1162687
1162689
1162691
1164871
1169025
1169625
1170383
1170618
1170620
1171098
1171195
1171202
1171218
1171219
1171689
1171698
1172032
1172221
1172317
1173477
1173691
1173694
1173700
1173701
1173743
1173874
1173875
1173876
1173880
1174415
CVE-2017-14988
CVE-2017-18922
CVE-2017-7826
CVE-2017-7828
CVE-2017-7830
CVE-2018-11354
CVE-2018-11355
CVE-2018-11356
CVE-2018-11357
CVE-2018-11358
CVE-2018-11359
CVE-2018-11360
CVE-2018-11361
CVE-2018-11362
CVE-2018-12207
CVE-2018-14339
CVE-2018-14340
CVE-2018-14341
CVE-2018-14342
CVE-2018-14343
CVE-2018-14344
CVE-2018-14367
CVE-2018-14368
CVE-2018-14369
CVE-2018-14370
CVE-2018-16056
CVE-2018-16057
CVE-2018-16058
CVE-2018-16428
CVE-2018-16429
CVE-2018-20855
CVE-2018-20856
CVE-2018-21247
CVE-2018-3639
CVE-2018-3646
CVE-2018-8007
CVE-2018-8048
CVE-2019-10207
CVE-2019-11135
CVE-2019-1125
CVE-2019-11810
CVE-2019-12450
CVE-2019-12523
CVE-2019-12526
CVE-2019-12528
CVE-2019-13631
CVE-2019-13648
CVE-2019-14283
CVE-2019-14284
CVE-2019-15117
CVE-2019-15118
CVE-2019-18420
CVE-2019-18421
CVE-2019-18422
CVE-2019-18423
CVE-2019-18424
CVE-2019-18425
CVE-2019-18676
CVE-2019-18677
CVE-2019-18678
CVE-2019-18679
CVE-2019-19577
CVE-2019-19578
CVE-2019-19579
CVE-2019-19580
CVE-2019-19581
CVE-2019-19582
CVE-2019-19583
CVE-2019-20839
CVE-2019-20840
CVE-2019-2426
CVE-2019-2745
CVE-2019-2762
CVE-2019-2766
CVE-2019-2769
CVE-2019-2786
CVE-2019-2816
CVE-2019-2842
CVE-2019-3819
CVE-2019-5482
CVE-2019-6133
CVE-2019-7317
CVE-2020-0543
CVE-2020-10757
CVE-2020-12114
CVE-2020-12652
CVE-2020-12653
CVE-2020-12654
CVE-2020-12656
CVE-2020-14397
CVE-2020-14398
CVE-2020-14399
CVE-2020-14400
CVE-2020-14401
CVE-2020-14402
CVE-2020-14403
CVE-2020-14404
CVE-2020-15900
CVE-2020-8449
CVE-2020-8450
CVE-2020-8517
SUSE-SU-2017:3213-1
SUSE-SU-2018:2765-1
SUSE-SU-2018:2891-1
SUSE-SU-2019:2209-1
SUSE-SU-2019:2263-1
SUSE-SU-2019:2339-2
SUSE-SU-2019:3297-1
SUSE-SU-2020:0661-1
SUSE-SU-2020:1596-1
SUSE-SU-2020:2097-1
SUSE-SU-2020:2167-1
Platform(s):
openSUSE Leap 15.1
openSUSE Leap 15.1 NonFree
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libBasicUsageEnvironment1-2019.06.28-lp151.2.3 is installed
  • OR libUsageEnvironment3-2019.06.28-lp151.2.3 is installed
  • OR libgroupsock8-2019.06.28-lp151.2.3 is installed
  • OR libliveMedia66-2019.06.28-lp151.2.3 is installed
  • OR live555-2019.06.28-lp151.2.3 is installed
  • OR live555-devel-2019.06.28-lp151.2.3 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 NonFree is installed
  • AND opera-68.0.3618.104-lp151.2.18 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • MozillaFirefox-52.5.0esr-109.9 is installed
  • OR MozillaFirefox-translations-52.5.0esr-109.9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • kernel-default-4.4.180-94.103 is installed
  • OR kernel-default-base-4.4.180-94.103 is installed
  • OR kernel-default-devel-4.4.180-94.103 is installed
  • OR kernel-devel-4.4.180-94.103 is installed
  • OR kernel-macros-4.4.180-94.103 is installed
  • OR kernel-source-4.4.180-94.103 is installed
  • OR kernel-syms-4.4.180-94.103 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libpolkit0-0.113-5.18 is installed
  • OR polkit-0.113-5.18 is installed
  • OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • curl-7.37.0-37.43 is installed
  • OR libcurl4-7.37.0-37.43 is installed
  • OR libcurl4-32bit-7.37.0-37.43 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • xen-4.9.2_10-3.41 is installed
  • OR xen-doc-html-4.9.2_10-3.41 is installed
  • OR xen-libs-4.9.2_10-3.41 is installed
  • OR xen-libs-32bit-4.9.2_10-3.41 is installed
  • OR xen-tools-4.9.2_10-3.41 is installed
  • OR xen-tools-domU-4.9.2_10-3.41 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • apache-commons-daemon-1.0.15-6 is installed
  • OR apache-commons-daemon-javadoc-1.0.15-6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND Package Information
  • apache2-2.4.23-29.63 is installed
  • OR apache2-doc-2.4.23-29.63 is installed
  • OR apache2-example-pages-2.4.23-29.63 is installed
  • OR apache2-prefork-2.4.23-29.63 is installed
  • OR apache2-utils-2.4.23-29.63 is installed
  • OR apache2-worker-2.4.23-29.63 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.28.4-2.59 is installed
  • OR libwebkit2gtk-4_0-37-2.28.4-2.59 is installed
  • OR libwebkit2gtk3-lang-2.28.4-2.59 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59 is installed
  • OR typelib-1_0-WebKit2-4_0-2.28.4-2.59 is installed
  • OR typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.28.4-2.59 is installed
  • OR webkit2gtk3-2.28.4-2.59 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND couchdb-1.7.2-3.3 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-urllib3-1.23-3.6 is installed