Release date:
2026-07-10 16:59:31 UTC
Description:
* SECURITY UPDATE: Missing authorization check when updating a user's
authentication mechanisms
- debian/patches/CVE-2026-6915.patch: Require changePassword (or
changeOwnPassword for self) authorization before allowing the
mechanisms field to be updated in checkAuthForTypedCommand for
the updateUser command
- CVE-2026-6915
Updated packages:
-
mongodb6_6.0.26-1+tuxcare.els13_amd64.deb
sha:35e5bf1e90850e503e633286db9ca8434d51a3b0
-
mongodb6-mongos_6.0.26-1+tuxcare.els13_amd64.deb
sha:6925f33859a6283371b0a12903a4ab76b4f6dec7
-
mongodb6-server_6.0.26-1+tuxcare.els13_amd64.deb
sha:83fcf60c8d6ad4963c715545d54910ce9a2465e1
-
mongodb6-shell_6.0.26-1+tuxcare.els13_amd64.deb
sha:9e3dff8da4a5c47f1e4902e433e4c00d0a383860
-
mongodb6_6.0.26-1+tuxcare.els13_arm64.deb
sha:15c830962cbe964f48704274a12d061d2745de83
-
mongodb6-mongos_6.0.26-1+tuxcare.els13_arm64.deb
sha:cecd4e2b878ca401bbc8d3e2d7acd8119969cc5d
-
mongodb6-server_6.0.26-1+tuxcare.els13_arm64.deb
sha:fa4e18f4aef0002167a6b8c8b707b4193190fdc0
-
mongodb6-shell_6.0.26-1+tuxcare.els13_arm64.deb
sha:26fbf27ea291ad74678a1eac2f3cdb3f05ac415f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.