[CLSA-2026:1776079588] Fix CVE(s): CVE-2025-10061, CVE-2025-14847
Type:
security
Severity:
Low
Release date:
2026-04-13 11:26:31 UTC
Description:
* SECURITY UPDATE: Unauthenticated heap memory disclosure via Zlib compressed protocol headers
  - debian/patches/CVE-2025-14847.patch: return actual decompressed length from ZlibMessageCompressor::decompressData() instead of the full buffer size, preventing uninitialized heap memory from being sent to clients
  - CVE-2025-14847
* SECURITY UPDATE: Server crash via specially crafted $group query with $doingMerge
  - debian/patches/CVE-2025-10061.patch: replace invariant/verify assertions with uassert in accumulator merging pass to return a user error instead of crashing when $doingMerge is used with mismatched input types
  - CVE-2025-10061
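The defect class behind the CVE-2025-14847 fix described above, as an added example that is not MongoDB's code or the patch itself: it contrasts reporting the full buffer size with reporting the bytes actually written. A toy run-length decoder stands in for zlib, and every function name, the 0xAA fill value and the sample message are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

constexpr uint8_t kStale = 0xAA;  // constructed marker for leftover heap contents

// Toy run-length decoder standing in for zlib (assumption): input is
// (count, byte) pairs. Returns bytes written, or -1 on malformed input
// or when the output buffer is too small.
long toyInflate(const std::vector<uint8_t>& in, std::vector<uint8_t>& out) {
    if (in.size() % 2 != 0) return -1;
    size_t pos = 0;
    for (size_t i = 0; i < in.size(); i += 2) {
        size_t count = in[i];
        if (count > out.size() - pos) return -1;
        for (size_t k = 0; k < count; ++k) out[pos++] = in[i + 1];
    }
    return static_cast<long>(pos);
}

// "Before" pattern: the whole output buffer is reported as message data.
long lengthBeforeFix(const std::vector<uint8_t>& in, std::vector<uint8_t>& out) {
    if (toyInflate(in, out) < 0) return -1;
    return static_cast<long>(out.size());
}

// "After" pattern: only the bytes the decoder actually wrote are reported.
long lengthAfterFix(const std::vector<uint8_t>& in, std::vector<uint8_t>& out) {
    return toyInflate(in, out);
}

// Counts stale bytes that fall inside the length a caller would go on to use.
size_t staleBytesExposed(bool fixed) {
    std::vector<uint8_t> in = {5, 'A'};    // constructed input: 5 bytes of 'A'
    std::vector<uint8_t> out(64, kStale);  // buffer larger than the real payload
    long len = fixed ? lengthAfterFix(in, out) : lengthBeforeFix(in, out);
    size_t stale = 0;
    for (long i = 0; i < len; ++i)
        if (out[static_cast<size_t>(i)] == kStale) ++stale;
    return stale;
}

int main() {
    std::printf("before fix: %zu stale bytes in reported data\n", staleBytesExposed(false));
    std::printf("after fix:  %zu stale bytes in reported data\n", staleBytesExposed(true));
    return 0;
}
```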
Updated packages:
  • mongodb44_4.4.29-1+tuxcare.els5_amd64.deb
    sha:9a572c226c7199fd4451a6a64906376ae75eba09
  • mongodb44-mongos_4.4.29-1+tuxcare.els5_amd64.deb
    sha:e0a0f22b326e7863fa7902fe7d38ebb2b80b6d60
  • mongodb44-server_4.4.29-1+tuxcare.els5_amd64.deb
    sha:ad5b9a158001b4ed50994c566492d34de8fb68f9
  • mongodb44-shell_4.4.29-1+tuxcare.els5_amd64.deb
    sha:381c453f8092b2901c4f6d112aa4630abc78be8e
  • mongodb44_4.4.29-1+tuxcare.els5_arm64.deb
    sha:f3b2cabd132d552e5d22f6c4e26b00eadb797544
  • mongodb44-mongos_4.4.29-1+tuxcare.els5_arm64.deb
    sha:96b58549e03e4ed8b63b2c8e7afd83a46c256783
  • mongodb44-server_4.4.29-1+tuxcare.els5_arm64.deb
    sha:c0b5b9fbf7e59705ec3f48c3f0c11daeed5ceba5
  • mongodb44-shell_4.4.29-1+tuxcare.els5_arm64.deb
    sha:f6f61d1a08213bf73ce1eb7d17385ec00d7f4ebc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.