Vulnerability in MongoDb version 3.4 up to 3.4.9
Bug #1750824 reported by Nils Weiher
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
mongodb (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Hello,
please see the following vulnerability:
https:/
And the corresponding ticket confirming the vulnerability and the fix:
https:/
The upcoming Ubuntu 18.04 release will include only MongoDb Version 3.4.7.
Is it possible to upgrade the package for bionic to the current latest version 3.6.3?
This version also includes the bind to localhost by default, as is the case for the packages in the official Ubuntu repositories.
https:/
Please consider this upgrade, as it contains many more bugfixes.
CVE References
description: updated
Changed in mongodb (Ubuntu):
status: New → Triaged
> Is it possible to upgrade the package for bionic to the current latest version 3.6.3.
In theory yes, but this requires volunteers and we currently have none and we're well after feature freeze now.
Unfortunately in my testing 3.4.14 fails to build with the current packaging so bumping to 3.4.14 isn't quite so straightforward either, and also needs volunteers to provide a patch. Alternatively I'd be happy to upload a patch that fixes just this particular problem, but again we need someone to prepare and test that.