[Heather Lemon]
* SECURITY UPDATE: account session reuse leads to unauthorized access (LP: #1934518)
- d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch:
Attach ID to users.
After user deletion in MongoDB Server the improper invalidation of
authorization sessions allows an authenticated user's session to
persist and become conflated with new accounts
- CVE-2019-2386
[Alex Murray]
* Refresh
d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch
with the version from the 3.4 upstream branch that is still licensed
under the AGPL.
-- Alex Murray <email address hidden> Mon, 23 Aug 2021 17:01:06 +0930
This bug was fixed in the package mongodb - 1:3.6.9+ really3. 6.8+90~ g8e540c0b6d- 0ubuntu5. 2
--------------- 9+really3. 6.8+90~ g8e540c0b6d- 0ubuntu5. 2) focal-security; urgency=medium
mongodb (1:3.6.
[Heather Lemon] 2019-2386- SERVER- 38984-Validate- unique- User-ID- on-UserCache- hi.patch:
* SECURITY UPDATE: account session reuse leads to unauthorized access (LP: #1934518)
- d/p/CVE-
Attach ID to users.
After user deletion in MongoDB Server the improper invalidation of
authorization sessions allows an authenticated user's session to
persist and become conflated with new accounts
- CVE-2019-2386
[Alex Murray] CVE-2019- 2386-SERVER- 38984-Validate- unique- User-ID- on-UserCache- hi.patch
* Refresh
d/p/
with the version from the 3.4 upstream branch that is still licensed
under the AGPL.
-- Alex Murray <email address hidden> Mon, 23 Aug 2021 17:01:06 +0930