Release date:
2022-11-10 21:59:46 UTC
Description:
* SECURITY UPDATE: After user deletion in MongoDB Server the improper
invalidation of authorization sessions allows an authenticated user's
session to persist and become conflated with new accounts, if those
accounts reuse the names of deleted ones
- debian/patches/CVE-2019-2386.patch: Validate unique User ID on
UserCache hit
- CVE-2019-2386
Updated packages:
-
mongodb_2.6.10-0ubuntu1+tuxcare.els2_amd64.deb
sha:04ba97902d555e3c32aeca20b3d5b775b2560f96
-
mongodb-clients_2.6.10-0ubuntu1+tuxcare.els2_amd64.deb
sha:49d56f142e7429cd160f5f2dec8a239e7c458ab2
-
mongodb-server_2.6.10-0ubuntu1+tuxcare.els2_amd64.deb
sha:624827ca61a4cb9d2873340046e86fb01d3e6a1b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
