Summary
Jibbers McGee discovered that PyMongo, the Python interface to MongoDB (a high-performance, schema-free, document-oriented data store), is prone to a denial-of-service vulnerability.
An attacker can remotely trigger a NULL pointer dereference, causing MongoDB to crash.
The oldstable distribution (squeeze) is not affected by this issue.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 2.2-4+deb7u1.
For the testing distribution (jessie), this problem has been fixed in version 2.5.2-1.
For the unstable distribution (sid), this problem has been fixed in version 2.5.2-1.
We recommend that you upgrade your pymongo packages.
Insight
MongoDB is a high-performance, open-source, schema-free, document-oriented data store. PyMongo provides an interface to easily access it from Python.
Affected
pymongo on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-2132
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P