[ubuntu/bionic-updates] mongodb 1:3.6.3-0ubuntu1.3 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Aug 26 01:58:35 UTC 2021

mongodb (1:3.6.3-0ubuntu1.3) bionic-security; urgency=medium

  [Heather Lemon]
  * SECURITY UPDATE: account session reuse leads to unauthorized access (LP: #1934518)
    - d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch:
      Attach ID to users.
      After user deletion in MongoDB Server the improper invalidation of
      authorization sessions allows an authenticated user's session to
      persist and become conflated with new accounts
    - CVE-2019-2386

  [Alex Murray]
  * Refresh
    with the version from the 3.4 upstream branch that is still licensed
    under the AGPL.

Date: 2021-08-23 06:08:09.568153+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list