Ubuntu 18.04 LTS MongoDB Major Denial of Service Vulnerability USN-8064-1

February 25, 2026
Several security issues were fixed in MongoDB affecting multiple Ubuntu versions. Immediate updates recommended.

Summary

Several security issues were fixed in MongoDB.

Software Description:

- mongodb: object/document-oriented database

Details:

Eliot Horowitz discovered that MongoDB may fail to validate some instances
of malformed BSON. A remote attacker could possibly use this issue to cause
MongoDB to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-1609)

It was discovered that MongoDB read raw permissions from .dbshell history
files. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-6494)

Travis Brown discovered that MongoDB may be unable to parse specially
crafted UTF-8 strings in BSON requests. A remote attacker could possibly
use this issue to cause MongoDB to crash, resulting in a denial of service.
This issue only affected Ubuntu 18.04 LTS. (CVE-2018-20802)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  mongodb                         1:3.6.3-0ubuntu1.4+esm1
                                  Available with Ubuntu Pro
  mongodb-server                  1:3.6.3-0ubuntu1.4+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  mongodb                         1:2.6.10-0ubuntu1+esm2
                                  Available with Ubuntu Pro
  mongodb-server                  1:2.6.10-0ubuntu1+esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  mongodb                         1:2.4.9-1ubuntu2+esm2
                                  Available with Ubuntu Pro
  mongodb-server                  1:2.4.9-1ubuntu2+esm2
                                  Available with Ubuntu Pro

After a standard system update you need to restart MongoDB to make all the
necessary changes.

References

https://ubuntu.com/security/notices/USN-8064-1

CVE-2018-20802

Severity
critical

Ubuntu Security Notice USN-8064-1
