[Bug 1933520] Re: message decompressor to incorrectly allocate memory
Ubuntu Foundations Team Bug Bot
1933520 at bugs.launchpad.net
Fri Jul 2 16:27:22 UTC 2021
The attachment "CVE-2019-20925-bionic-20210702.debdiff" seems to be a
debdiff. The ubuntu-sponsors team has been subscribed to the bug report
so that they can review and hopefully sponsor the debdiff. If the
attachment isn't a patch, please remove the "patch" flag from the
attachment, remove the "patch" tag, and if you are member of the
~ubuntu-sponsors, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1933520
Title:
message decompressor to incorrectly allocate memory
Status in mongodb package in Ubuntu:
New
Status in mongodb source package in Bionic:
New
Status in mongodb source package in Focal:
New
Bug description:
CVE 2019-20925: https://ubuntu.com/security/CVE-2019-20925
An unauthenticated client can trigger denial of service by issuing
specially crafted wire protocol messages, which cause the message
decompressor to incorrectly allocate memory. This issue affects:
MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0
versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions
prior to 3.4.24.
commit:
https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8
Affected versions
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 20.04 LTS (Focal Fossa)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1933520/+subscriptions
More information about the Ubuntu-sponsors
mailing list