Release date:
2026-04-19 14:00:02 UTC
Description:
* SECURITY UPDATE: Double-free/use-after-free in SBE hash lookup when
duplicate key causes spilling during $lookup aggregation
- debian/patches/CVE-2026-4358.patch: Remove MaterializedRow local variable
in addHashTableEntry() that wrongly takes ownership of view values before
spilling, causing double-free when the destructor runs
- CVE-2026-4358
Updated packages:
-
mongodb6_6.0.26-1+tuxcare.els6_amd64.deb
sha:60eb6d79189f8d765c68b338911262378e5685b8
-
mongodb6-mongos_6.0.26-1+tuxcare.els6_amd64.deb
sha:b0567a012ac390427340fc89eb99f1c1387b8897
-
mongodb6-server_6.0.26-1+tuxcare.els6_amd64.deb
sha:20f95848ed87ba00086789f5daea996de13a0a00
-
mongodb6-shell_6.0.26-1+tuxcare.els6_amd64.deb
sha:b6adfa92118c448619a1a4a2ee27a78936050e48
-
mongodb6_6.0.26-1+tuxcare.els6_arm64.deb
sha:8c474de774c13b5495d29d96166c9eededa561fe
-
mongodb6-mongos_6.0.26-1+tuxcare.els6_arm64.deb
sha:53b6951513a50768358b75a0c86df4f317dafcaf
-
mongodb6-server_6.0.26-1+tuxcare.els6_arm64.deb
sha:e667644183a6f8a5fcae28f1ce8caf80b7f567c5
-
mongodb6-shell_6.0.26-1+tuxcare.els6_arm64.deb
sha:e291d189746922d639529ec6c77db4974c124408
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
