Apache CouchDB security updates

Number: AV18-072
Date: 01 May 2018

Purpose

The purpose of this advisory is to bring attention to critical security updates release by Apache CouchDB.

Assessment

Apache CouchDB has released critical security updates to address vulnerabilities in their products.

CVE References: CVE-2017-12635 and CVE-2017-12636

Suggested Action

CCIRC recommends that owner/operators test and deploy the vendor released updates or workarounds to affected platforms accordingly.

References:

• https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E
• https://nvd.nist.gov/vuln/detail/CVE-2017-12635