Release date:
2026-03-27 10:33:32 UTC
Description:
* SECURITY UPDATE: TLS peer certificate validation bypass
- debian/patches/CVE-2024-1351.patch: add SSL_CTX_set_verify() call in
_setupSystemCA(), remove hasCA bypass in parseAndValidatePeerCertificate(),
add tlsUseSystemCA server parameter, require either tlsCAFile or
tlsUseSystemCA when TLS is enabled to prevent accepting peer connections
without validating certificates.
- CVE-2024-1351
Updated packages:
-
mongodb42_4.2.25-1+tuxcare.els3_amd64.deb
sha:9ebaafae6d1b75cf78099d0cdca6bf1730c362f7
-
mongodb42-mongos_4.2.25-1+tuxcare.els3_amd64.deb
sha:c4ec621f939369a80ab9aaad34acff7dbc2afec4
-
mongodb42-server_4.2.25-1+tuxcare.els3_amd64.deb
sha:d0466a8d7f2e585b37927c98fe796f2ad5fbecc2
-
mongodb42-shell_4.2.25-1+tuxcare.els3_amd64.deb
sha:750416a10081b0ba6cf3d30c04b07fc8925635f1
-
mongodb42_4.2.25-1+tuxcare.els3_arm64.deb
sha:c984a85c51faeb527f8c43107393228d0727bde2
-
mongodb42-mongos_4.2.25-1+tuxcare.els3_arm64.deb
sha:ecb61143eb644438b41c0cc2dc39e0b04d97814b
-
mongodb42-server_4.2.25-1+tuxcare.els3_arm64.deb
sha:ac5dd438a5dd5cac945bb0b6199d903ddaff1c01
-
mongodb42-shell_4.2.25-1+tuxcare.els3_arm64.deb
sha:dd3758c37a77a5aefd4ad59c2cd3931e4da89c27
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
