What is the severity of USN-6904-1?

The severity of USN-6904-1 is classified as important due to the potential for an attacker to read sensitive information or cause application crashes.

How do I fix USN-6904-1?

To fix USN-6904-1, you should upgrade to the recommended packages: python3-bson and python3-bson-ext version 3.11.0-1ubuntu0.24.04.1 for Ubuntu 24.04.

Which software is affected by USN-6904-1?

USN-6904-1 affects the python3-bson and python3-bson-ext packages across multiple Ubuntu versions including 24.04, 22.04, 20.04, and 18.04.

What issues does USN-6904-1 address?

USN-6904-1 addresses issues related to improper handling of BSON in PyMongo that can lead to information disclosure and crashes.

Is there a workaround for USN-6904-1?

There is no specific workaround for USN-6904-1; upgrading to the patched versions is the only recommended action.

Vulnerability/
USN-6904-1

22/7/2024

USN-6904-1: PyMongo vulnerability

First published: Mon Jul 22 2024(Updated: )

It was discovered that PyMongo incorrectly handled certain BSON. An attacker could possibly use this issue to read sensitive information or cause a crash.

Affected Software	Affected Version	How to fix
All of
ubuntu/python3-bson	<3.11.0-1ubuntu0.24.04.1	3.11.0-1ubuntu0.24.04.1
Ubuntu	=24.04
All of
ubuntu/python3-bson-ext	<3.11.0-1ubuntu0.24.04.1	3.11.0-1ubuntu0.24.04.1
Ubuntu	=24.04
All of
ubuntu/python3-bson	<3.11.0-1ubuntu0.22.04.1	3.11.0-1ubuntu0.22.04.1
Ubuntu	=22.04
All of
ubuntu/python3-bson-ext	<3.11.0-1ubuntu0.22.04.1	3.11.0-1ubuntu0.22.04.1
Ubuntu	=22.04
All of
ubuntu/python3-bson	<3.10.1-0ubuntu2.1	3.10.1-0ubuntu2.1
Ubuntu	=20.04
All of
ubuntu/python3-bson-ext	<3.10.1-0ubuntu2.1	3.10.1-0ubuntu2.1
Ubuntu	=20.04
All of
ubuntu/python-bson	<3.6.1+dfsg1-1ubuntu0.1~esm1	3.6.1+dfsg1-1ubuntu0.1~esm1
Ubuntu	=18.04
All of
ubuntu/python-bson-ext	<3.6.1+dfsg1-1ubuntu0.1~esm1	3.6.1+dfsg1-1ubuntu0.1~esm1
Ubuntu	=18.04
All of
ubuntu/python3-bson	<3.6.1+dfsg1-1ubuntu0.1~esm1	3.6.1+dfsg1-1ubuntu0.1~esm1
Ubuntu	=18.04
All of
ubuntu/python3-bson-ext	<3.6.1+dfsg1-1ubuntu0.1~esm1	3.6.1+dfsg1-1ubuntu0.1~esm1
Ubuntu	=18.04
All of
ubuntu/python-bson	<3.2-1ubuntu0.1~esm1	3.2-1ubuntu0.1~esm1
Ubuntu	=16.04
All of
ubuntu/python-bson-ext	<3.2-1ubuntu0.1~esm1	3.2-1ubuntu0.1~esm1
Ubuntu	=16.04
All of
ubuntu/python3-bson	<3.2-1ubuntu0.1~esm1	3.2-1ubuntu0.1~esm1
Ubuntu	=16.04
All of
ubuntu/python3-bson-ext	<3.2-1ubuntu0.1~esm1	3.2-1ubuntu0.1~esm1
Ubuntu	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2024-5629

Frequently Asked Questions

What is the severity of USN-6904-1?
The severity of USN-6904-1 is classified as important due to the potential for an attacker to read sensitive information or cause application crashes.
How do I fix USN-6904-1?
To fix USN-6904-1, you should upgrade to the recommended packages: python3-bson and python3-bson-ext version 3.11.0-1ubuntu0.24.04.1 for Ubuntu 24.04.
Which software is affected by USN-6904-1?
USN-6904-1 affects the python3-bson and python3-bson-ext packages across multiple Ubuntu versions including 24.04, 22.04, 20.04, and 18.04.
What issues does USN-6904-1 address?
USN-6904-1 addresses issues related to improper handling of BSON in PyMongo that can lead to information disclosure and crashes.
Is there a workaround for USN-6904-1?
There is no specific workaround for USN-6904-1; upgrading to the patched versions is the only recommended action.

agent/severity
agent/references
agent/title
agent/last-modified-date
agent/type
agent/description
agent/event
agent/first-publish-date
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu
version/ubuntu/24.04
version/ubuntu/22.04
version/ubuntu/20.04
version/ubuntu/18.04
version/ubuntu/16.04