Friday, April 10, 2026

[USN-8160-1] MongoDB vulnerability

==========================================================================
Ubuntu Security Notice USN-8160-1
April 09, 2026

mongodb vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

MongoDB could be made to expose sensitive information over the network.

Software Description:
- mongodb: object/document-oriented database

Details:

It was discovered that MongoDB incorrectly handled length parameters in
zlib-compressed network messages prior to authentication. An
unauthenticated remote attacker could possibly use this issue to cause
MongoDB to allocate an oversized memory buffer, resulting in the exposure
of sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  mongodb              1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
                       Available with Ubuntu Pro
  mongodb-clients      1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
                       Available with Ubuntu Pro
  mongodb-server       1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
                       Available with Ubuntu Pro
  mongodb-server-core  1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+esm1
                       Available with Ubuntu Pro

Ubuntu 18.04 LTS
  mongodb              1:3.6.3-0ubuntu1.4+esm2
                       Available with Ubuntu Pro
  mongodb-clients      1:3.6.3-0ubuntu1.4+esm2
                       Available with Ubuntu Pro
  mongodb-server       1:3.6.3-0ubuntu1.4+esm2
                       Available with Ubuntu Pro
  mongodb-server-core  1:3.6.3-0ubuntu1.4+esm2
                       Available with Ubuntu Pro

After a standard system update you need to restart the mongodb service to
make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8160-1
  CVE-2025-14847
