ALT Vulnerability
This commit is contained in:
parent
ec33a4b91b
commit
4fa652202a
@ -30,7 +30,7 @@
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades mongo to version 4.4.10-alt1. \nSecurity Fix(es):\n\n * CVE-2021-32036: An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28\n\n",
|
||||
"Description": "This update upgrades mongo to version 4.4.10-alt1. \nSecurity Fix(es):\n\n * CVE-2021-32036: An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "High",
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades mongo to version 4.4.17-alt0.p10. \nSecurity Fix(es):\n\n * CVE-2021-32040: It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16.\n\nWorkaround: \u003e= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash.\n\n",
|
||||
"Description": "This update upgrades mongo to version 4.4.17-alt0.p10. \nSecurity Fix(es):\n\n * CVE-2021-32040: It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16.\n\nWorkaround: \u003e= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash.",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "High",
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades mongo to version 4.4.10-alt1. \nSecurity Fix(es):\n\n * CVE-2021-32036: An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28\n\n",
|
||||
"Description": "This update upgrades mongo to version 4.4.10-alt1. \nSecurity Fix(es):\n\n * CVE-2021-32036: An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "High",
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades mongo to version 4.4.17-alt0.p10. \nSecurity Fix(es):\n\n * CVE-2021-32040: It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16.\n\nWorkaround: \u003e= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash.\n\n",
|
||||
"Description": "This update upgrades mongo to version 4.4.17-alt0.p10. \nSecurity Fix(es):\n\n * CVE-2021-32040: It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB Server v4.4 versions prior to and including 4.4.28, MongoDB Server v5.0 versions prior to 5.0.4 and MongoDB Server v4.2 versions prior to 4.2.16.\n\nWorkaround: \u003e= v4.2.16 users and all v4.4 users can add the --setParameter internalPipelineLengthLimit=50 instead of the default 1000 to mongod at startup to prevent a crash.",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "High",
|
||||
|
||||
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue
Block a user