Important security update about MongoDB from the Cloud Launcher Team - 35+ emails received on this

20 views

Skip to first unread message

Michael Prentice

unread,

Aug 24, 2016, 11:47:31 PM8/24/16

to gce-discussion

Today I received this email 35+ times for a single project:

Dear project owner,

Thank you for trying MongoDB by Bitnami on Google Cloud Launcher.
We are writing to inform you of a critical security vulnerability that should be patched as soon as possible and recommend that you update to the new version of MongoDB available here for the project listed above.
We are passing on the following information on behalf of Bitnami:
Security vulnerabilities (CVE-2016-5696) were recently identified for the Linux kernel and as a result Bitnami images are impacted. Specifically, the vulnerabilities include possible traffic hijacking. You can find more info about this issue from the Linux distros: Ubuntu, Debian, Redhat.

New Bitnami images were released on Aug 18th 2016, so all new deployments after this date will include the latest security update. Please visit our blog site for instructions on how to update existing deployments.
We apologize for this inconvenience and thank you for your prompt attention. Feel free to contact us with any questions at cloud-lau...@google.com.

Sincerely,
The Google Cloud Launcher Team

Perhaps this behavior can be tweaked a little bit please?

George (Google Cloud Support)

unread,

Aug 25, 2016, 2:55:01 PM8/25/16

to gce-discussion, cloud-lau...@google.com

Hello Michael,

We apologize for the inconvenience. I copied the Cloud Launcher team on this message so they can be aware of it.

Thank you for reporting it.

Sincerely,

George

On Wednesday, August 24, 2016 at 11:47:31 PM UTC-4, Michael Prentice wrote:

Today I received this email 35+ times for a single project:

Dear project owner,

Thank you for trying MongoDB by Bitnami on Google Cloud Launcher.
We are writing to inform you of a critical security vulnerability that should be patched as soon as possible and recommend that you update to the new version of MongoDB available here for the project listed above.
We are passing on the following information on behalf of Bitnami:
Security vulnerabilities (CVE-2016-5696) were recently identified for the Linux kernel and as a result Bitnami images are impacted. Specifically, the vulnerabilities include possible traffic hijacking. You can find more info about this issue from the Linux distros: Ubuntu, Debian, Redhat.

New Bitnami images were released on Aug 18th 2016, so all new deployments after this date will include the latest security update. Please visit our blog site for instructions on how to update existing deployments.

We apologize for this inconvenience and thank you for your prompt attention. Feel free to contact us with any questions at cloud-launcher-team@google.com.