UbuntuUpdates.org

Package "mongodb-server"

Name: mongodb-server

Description:

object/document-oriented database (managed server package)

Latest version: 1:3.6.3-0ubuntu1.4
Release: bionic (18.04)
Level: security
Repository: universe
Head package: mongodb
Homepage: https://www.mongodb.org

Other versions of "mongodb-server" in Bionic

Repository Area Version
base universe 1:3.6.3-0ubuntu1
updates universe 1:3.6.3-0ubuntu1.4

Changelog

Version: 1:3.6.3-0ubuntu1.4 2021-10-04 18:06:19 UTC

  mongodb (1:3.6.3-0ubuntu1.4) bionic-security; urgency=medium

  * d/p/CVE-2019-20925-SERVER-43751-Recompute-compressor-manager-message-pa.patch
    Recompute compressor manager message parameters. (LP: #1933520)

 -- Heather Lemon <email address hidden> Tue, 03 Aug 2021 20:57:49 +0000

1933520 message decompressor to incorrectly allocate memory
CVE-2019-20925 An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to

Version: 1:3.6.3-0ubuntu1.3 2021-08-26 03:06:18 UTC

  mongodb (1:3.6.3-0ubuntu1.3) bionic-security; urgency=medium

  [Heather Lemon]
  * SECURITY UPDATE: account session reuse leads to unauthorized access (LP: #1934518)
    - d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch:
      Attach ID to users.
      After user deletion in MongoDB Server the improper invalidation of
      authorization sessions allows an authenticated user's session to
      persist and become conflated with new accounts
    - CVE-2019-2386

  [Alex Murray]
  * Refresh
    d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch
    with the version from the 3.4 upstream branch that is still licensed
    under the AGPL.

 -- Alex Murray <email address hidden> Fri, 06 Aug 2021 12:08:41 +0930

1934518 improper invalidation of authorization sessions


