[ubuntu/focal-security] mongodb 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2 (Accepted)
Alex Murray
alex.murray at canonical.com
Thu Aug 26 01:26:41 UTC 2021
mongodb (1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2) focal-security; urgency=medium
[Heather Lemon]
* SECURITY UPDATE: account session reuse leads to unauthorized access (LP: #1934518)
- d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch:
Attach ID to users.
After user deletion in MongoDB Server the improper invalidation of
authorization sessions allows an authenticated user's session to
persist and become conflated with new accounts
- CVE-2019-2386
[Alex Murray]
* Refresh
d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch
with the version from the 3.4 upstream branch that is still licensed
under the AGPL.
Date: 2021-08-24 07:29:09.447145+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/mongodb/1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list