Comment 13 for bug 1934518

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mongodb - 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2

---------------
mongodb (1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2) focal-security; urgency=medium

  [Heather Lemon]
  * SECURITY UPDATE: account session reuse leads to unauthorized access (LP: #1934518)
    - d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch:
      Attach ID to users.
      After user deletion in MongoDB Server the improper invalidation of
      authorization sessions allows an authenticated user's session to
      persist and become conflated with new accounts
    - CVE-2019-2386

  [Alex Murray]
  * Refresh
    d/p/CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch
    with the version from the 3.4 upstream branch that is still licensed
    under the AGPL.

 -- Alex Murray <email address hidden> Mon, 23 Aug 2021 17:01:06 +0930