Release date:
2026-04-25 09:05:29 UTC
Description:
* SECURITY UPDATE: uninitialized stack memory disclosure via filemd5 command
- debian/patches/CVE-2026-4147.patch: zero-initialize md5_state_t in
md5_init() to prevent leaking uninitialized buf[64] field via the
md5state response field when partialOk: true is set
- CVE-2026-4147
Updated packages:
-
mongodb42_4.2.25-1+tuxcare.els7_amd64.deb
sha:657ef9ebb6e2ffafbb3d83ab185c9d1c27779cb5
-
mongodb42-mongos_4.2.25-1+tuxcare.els7_amd64.deb
sha:b84a34edaef525170bf743db36f37f1ad6f0f6ae
-
mongodb42-server_4.2.25-1+tuxcare.els7_amd64.deb
sha:8ffd7bb96811d1e105f38c12a534e1e4b81a4dc4
-
mongodb42-shell_4.2.25-1+tuxcare.els7_amd64.deb
sha:0aba44df067c82096bfa336d049e722fd8ed74d1
-
mongodb42_4.2.25-1+tuxcare.els7_arm64.deb
sha:fe8c508bebd27b30d456534ff75afa5743ba9fbe
-
mongodb42-mongos_4.2.25-1+tuxcare.els7_arm64.deb
sha:fa374034956689964efca3785432aebf6a366230
-
mongodb42-server_4.2.25-1+tuxcare.els7_arm64.deb
sha:2697dc76382d0027f33c2c1125e1c614b863de97
-
mongodb42-shell_4.2.25-1+tuxcare.els7_arm64.deb
sha:acb5f7d9be989e8b66065d9cf5b622843779bc62
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
