[Heather Lemon]
* SECURITY UPDATE: account session reuse leads to unauthorized access (LP: #1934518)
- d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch:
Attach ID to users.
After user deletion in MongoDB Server the improper invalidation of
authorization sessions allows an authenticated user's session to
persist and become conflated with new accounts
- CVE-2019-2386
[Alex Murray]
* Refresh
d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch
with the version from the 3.4 upstream branch that is still licensed
under the AGPL.
-- Alex Murray <email address hidden> Fri, 06 Aug 2021 12:08:41 +0930
This bug was fixed in the package mongodb - 1:3.6.3-0ubuntu1.3
--------------- 3-0ubuntu1. 3) bionic-security; urgency=medium
mongodb (1:3.6.
[Heather Lemon] 2019-2386- SERVER- 38984-Validate- unique- User-ID- on-UserCache- hi.patch:
* SECURITY UPDATE: account session reuse leads to unauthorized access (LP: #1934518)
- d/p/CVE-
Attach ID to users.
After user deletion in MongoDB Server the improper invalidation of
authorization sessions allows an authenticated user's session to
persist and become conflated with new accounts
- CVE-2019-2386
[Alex Murray] CVE-2019- 2386-SERVER- 38984-Validate- unique- User-ID- on-UserCache- hi.patch
* Refresh
d/p/
with the version from the 3.4 upstream branch that is still licensed
under the AGPL.
-- Alex Murray <email address hidden> Fri, 06 Aug 2021 12:08:41 +0930