Ubuntu Security Update USN-8064-1: MongoDB vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,740
Reaction score
74
Credits
-1,257
Eliot Horowitz discovered that MongoDB may fail to validate some instances of malformed BSON. A remote attacker could possibly use this issue to cause MongoDB to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-1609) It was discovered that MongoDB read raw permissions from .dbshell history files. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6494) Travis Brown discovered that MongoDB may be unable to parse specially crafted UTF-8 strings in BSON requests. A remote attacker could possibly use this issue to cause MongoDB to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-20802)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-8160-1: MongoDB vulnerability
Replies
0
Views
101
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8282-2: Unbound vulnerabilities
Replies
0
Views
48
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8269-1: Avahi vulnerabilities
Replies
0
Views
115
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8282-1: Unbound vulnerabilities
Replies
0
Views
103
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8147-1: libarchive vulnerabilities
Replies
0
Views
189
LinuxBot
LinuxBot


Follow Linux.org

Members online

Total: 5,160 (members: 4, guests: 5,156)

Latest posts

Top