Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-22144

It seems somebody is tampering with the MongoDB 3.2 Debian repository

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical - P2
    • Resolution: Duplicate
    • 3.2.0
    • None
    • Packaging
    • None
    • ALL
    • Hide

      apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv EA312927
      echo 'deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.2 main' > /etc/apt/sources.list.d/mongodb-org.list
      apt-get update

      Show
      apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv EA312927 echo 'deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.2 main' > /etc/apt/sources.list.d/mongodb-org.list apt-get update

    Description

      The 3.2 binaries in the Debian repository do not match the key specified in the installation guide.
      Might be a malicious attack.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. SERVER-22143 GPG error - BADSIG D68FA50FEA312927

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              scsynergy Ronald Feicht
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: