An update for mongo-c-driver is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1880 Final 1.0 1.0 2024-07-19 Initial 2024-07-19 2024-07-19 openEuler SA Tool V1.0 2024-07-19 mongo-c-driver security update An update for mongo-c-driver is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP1 mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fix(es): The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1(CVE-2024-6383) An update for mongo-c-driver is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium mongo-c-driver https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1880 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6383 https://nvd.nist.gov/vuln/detail/CVE-2024-6383 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP1 libbson-1.27.4-1.oe2203sp3.aarch64.rpm libbson-devel-1.27.4-1.oe2203sp3.aarch64.rpm mongo-c-driver-1.27.4-1.oe2203sp3.aarch64.rpm mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.aarch64.rpm mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.aarch64.rpm mongo-c-driver-devel-1.27.4-1.oe2203sp3.aarch64.rpm mongo-c-driver-help-1.27.4-1.oe2203sp3.aarch64.rpm libbson-1.27.4-1.oe2003sp4.aarch64.rpm libbson-devel-1.27.4-1.oe2003sp4.aarch64.rpm mongo-c-driver-1.27.4-1.oe2003sp4.aarch64.rpm mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.aarch64.rpm mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.aarch64.rpm mongo-c-driver-devel-1.27.4-1.oe2003sp4.aarch64.rpm mongo-c-driver-help-1.27.4-1.oe2003sp4.aarch64.rpm libbson-1.27.4-1.oe2403.aarch64.rpm libbson-devel-1.27.4-1.oe2403.aarch64.rpm mongo-c-driver-1.27.4-1.oe2403.aarch64.rpm mongo-c-driver-debuginfo-1.27.4-1.oe2403.aarch64.rpm mongo-c-driver-debugsource-1.27.4-1.oe2403.aarch64.rpm mongo-c-driver-devel-1.27.4-1.oe2403.aarch64.rpm mongo-c-driver-help-1.27.4-1.oe2403.aarch64.rpm libbson-1.27.4-1.oe2203sp4.aarch64.rpm libbson-devel-1.27.4-1.oe2203sp4.aarch64.rpm mongo-c-driver-1.27.4-1.oe2203sp4.aarch64.rpm mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.aarch64.rpm mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.aarch64.rpm mongo-c-driver-devel-1.27.4-1.oe2203sp4.aarch64.rpm mongo-c-driver-help-1.27.4-1.oe2203sp4.aarch64.rpm libbson-1.27.4-1.oe2203sp1.aarch64.rpm libbson-devel-1.27.4-1.oe2203sp1.aarch64.rpm mongo-c-driver-1.27.4-1.oe2203sp1.aarch64.rpm mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.aarch64.rpm mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.aarch64.rpm mongo-c-driver-devel-1.27.4-1.oe2203sp1.aarch64.rpm mongo-c-driver-help-1.27.4-1.oe2203sp1.aarch64.rpm libbson-1.27.4-1.oe2203sp3.x86_64.rpm libbson-devel-1.27.4-1.oe2203sp3.x86_64.rpm mongo-c-driver-1.27.4-1.oe2203sp3.x86_64.rpm mongo-c-driver-debuginfo-1.27.4-1.oe2203sp3.x86_64.rpm mongo-c-driver-debugsource-1.27.4-1.oe2203sp3.x86_64.rpm mongo-c-driver-devel-1.27.4-1.oe2203sp3.x86_64.rpm mongo-c-driver-help-1.27.4-1.oe2203sp3.x86_64.rpm libbson-1.27.4-1.oe2003sp4.x86_64.rpm libbson-devel-1.27.4-1.oe2003sp4.x86_64.rpm mongo-c-driver-1.27.4-1.oe2003sp4.x86_64.rpm mongo-c-driver-debuginfo-1.27.4-1.oe2003sp4.x86_64.rpm mongo-c-driver-debugsource-1.27.4-1.oe2003sp4.x86_64.rpm mongo-c-driver-devel-1.27.4-1.oe2003sp4.x86_64.rpm mongo-c-driver-help-1.27.4-1.oe2003sp4.x86_64.rpm libbson-1.27.4-1.oe2403.x86_64.rpm libbson-devel-1.27.4-1.oe2403.x86_64.rpm mongo-c-driver-1.27.4-1.oe2403.x86_64.rpm mongo-c-driver-debuginfo-1.27.4-1.oe2403.x86_64.rpm mongo-c-driver-debugsource-1.27.4-1.oe2403.x86_64.rpm mongo-c-driver-devel-1.27.4-1.oe2403.x86_64.rpm mongo-c-driver-help-1.27.4-1.oe2403.x86_64.rpm libbson-1.27.4-1.oe2203sp4.x86_64.rpm libbson-devel-1.27.4-1.oe2203sp4.x86_64.rpm mongo-c-driver-1.27.4-1.oe2203sp4.x86_64.rpm mongo-c-driver-debuginfo-1.27.4-1.oe2203sp4.x86_64.rpm mongo-c-driver-debugsource-1.27.4-1.oe2203sp4.x86_64.rpm mongo-c-driver-devel-1.27.4-1.oe2203sp4.x86_64.rpm mongo-c-driver-help-1.27.4-1.oe2203sp4.x86_64.rpm libbson-1.27.4-1.oe2203sp1.x86_64.rpm libbson-devel-1.27.4-1.oe2203sp1.x86_64.rpm mongo-c-driver-1.27.4-1.oe2203sp1.x86_64.rpm mongo-c-driver-debuginfo-1.27.4-1.oe2203sp1.x86_64.rpm mongo-c-driver-debugsource-1.27.4-1.oe2203sp1.x86_64.rpm mongo-c-driver-devel-1.27.4-1.oe2203sp1.x86_64.rpm mongo-c-driver-help-1.27.4-1.oe2203sp1.x86_64.rpm mongo-c-driver-1.27.4-1.oe2203sp3.src.rpm mongo-c-driver-1.27.4-1.oe2003sp4.src.rpm mongo-c-driver-1.27.4-1.oe2403.src.rpm mongo-c-driver-1.27.4-1.oe2203sp4.src.rpm mongo-c-driver-1.27.4-1.oe2203sp1.src.rpm The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1 2024-07-19 CVE-2024-6383 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N mongo-c-driver security update 2024-07-19 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1880