[Bug 1933520] Re: message decompressor to incorrectly allocate memory
Launchpad Bug Tracker
1933520 at bugs.launchpad.net
Mon Oct 4 17:01:25 UTC 2021
This bug was fixed in the package mongodb - 1:3.6.3-0ubuntu1.4
---------------
mongodb (1:3.6.3-0ubuntu1.4) bionic-security; urgency=medium
* d/p/CVE-2019-20925-SERVER-43751-Recompute-compressor-manager-message-pa.patch
Recompute compressor manager message parameters. (LP: #1933520)
-- Heather Lemon <heather.lemon at canonical.com> Tue, 03 Aug 2021
20:57:49 +0000
** Changed in: mongodb (Ubuntu Bionic)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1933520
Title:
message decompressor to incorrectly allocate memory
Status in mongodb source package in Bionic:
Fix Released
Status in mongodb source package in Focal:
Fix Released
Bug description:
CVE 2019-20925: https://ubuntu.com/security/CVE-2019-20925
An unauthenticated client can trigger denial of service by issuing
specially crafted wire protocol messages, which cause the message
decompressor to incorrectly allocate memory. This issue affects:
MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0
versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions
prior to 3.4.24.
commit:
https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8
Affected versions
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 20.04 LTS (Focal Fossa)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/bionic/+source/mongodb/+bug/1933520/+subscriptions
More information about the Ubuntu-sponsors
mailing list