[SERVER-42233] Bump Windows package dependencies - MongoDB

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Blocker - P1
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.4.22, 3.6.14, 4.0.11
Component/s: Packaging
Labels:
- SWNA

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v4.2, v4.0, v3.6, v3.4
Sprint:
Security 2019-07-15, Security 2019-07-29

Description

CVE-2019-2390

Description
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility.

Credit
Rich Mirch

Attachments

Activity

People

Assignee:: Spencer Jackson

Reporter:: Spencer Jackson

Participants:: Spencer Jackson

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: Jul 15 2019 01:46:32 PM UTC

Updated:: Aug 30 2019 12:37:47 PM UTC

Resolved:: Jul 23 2019 08:41:09 PM UTC