[SERVER-42233] Bump Windows package dependencies Created: 15/Jul/19  Updated: 29/Oct/23  Resolved: 23/Jul/19

Status: Closed
Project: Core Server
Component/s: Packaging
Affects Version/s: None
Fix Version/s: 3.4.22, 3.6.14, 4.0.11

Type: Bug Priority: Blocker - P1
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Fixed Votes: 0
Labels: SWNA
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.2, v4.0, v3.6, v3.4
Sprint: Security 2019-07-15, Security 2019-07-29
Participants:

 Description   
CVE-2019-2390

Description
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility.

Credit
Rich Mirch


Generated at Thu Feb 08 04:59:56 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.