It was found that the mongod server did not correctly validate certain malformed BSON requests. A remote, unauthenticated attacker could use a specially crafted BSON message to crash a mongod server. Upstream issue: https://jira.mongodb.org/browse/SERVER-17264 Upstream patches: 2.4 -- https://github.com/mongodb/mongo/commit/3a7e85ea1f672f702660e5472566234b1d19038e 2.6 -- https://github.com/mongodb/mongo/commit/8f1c734c7f1862180f607c241fb167640889efba 3.0 -- https://github.com/mongodb/mongo/commit/5285225e71c5c0652520ef99d0ae4ca24655f72f
Created mongodb tracking bugs for this issue: Affects: fedora-all [bug 1200447] Affects: epel-6 [bug 1200448] Affects: epel-7 [bug 1200449]
mongodb-2.6.8-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
mongodb-2.4.13-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
mongodb-2.4.13-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.