Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-42233

Bump Windows package dependencies

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker - P1
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.22, 3.6.14, 4.0.11
    • Component/s: Packaging
    • Labels:
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.2, v4.0, v3.6, v3.4
    • Sprint:
      Security 2019-07-15, Security 2019-07-29

      Description

      CVE-2019-2390

      Description
      An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility.

      Credit
      Rich Mirch

        Attachments

          Activity

            People

            • Assignee:
              spencer.jackson Spencer Jackson
              Reporter:
              spencer.jackson Spencer Jackson
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: