ALT-BU-2024-11027-2

Branch p11 update bulletin.

Package mongo5.0 updated to version 5.0.28-alt1 for branch p11 in task 354424.

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

References:

Package mongo6.0 updated to version 6.0.16-alt1 for branch p11 in task 354559.

Уязвимость драйверов PHP, C системы управления базами данных MongoDB, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.3)Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.8)Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

References:

CVE-2024-7553

Уязвимость компонента Hot Backup File системы управления базами данных MongoDB, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (5.3)Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: MEDIUM (4.9)Vector: AV:N/AC:H/Au:S/C:C/I:N/A:N

References:

CVE-2024-6384

Уязвимость сервера системы управления базами данных MongoDB, связанная с отсутствием процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

References:

CVE-2024-6375

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

References:

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versions prior to 7.3.3

Severity: MEDIUM (5.3)Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1. Required Configuration: Only environments with Windows as the underlying operating system is affected by this issue

Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Package hyprland updated to version 0.41.2-alt1 for branch p11 in task 352570.

Прошу обновить пакет hyprland обновить до версии 0.41.0

Version: 2.1.2

Branch p11 update on 2024-08-10

ALT-BU-2024-11027-2

ALT-PU-2024-10759-2

Closed vulnerabilities

CVE-2024-6375

ALT-PU-2024-10822-3

Closed vulnerabilities

BDU:2024-07244

BDU:2024-07400

BDU:2025-03802

CVE-2024-6375

CVE-2024-6384

CVE-2024-7553

ALT-PU-2024-9811-4

Closed bugs

Bug #50618