[CLSA-2026:1774566928] Fix CVE(s): CVE-2024-1351
Type:
security
Severity:
Critical
Release date:
2026-03-27 10:32:25 UTC
Description:
* SECURITY UPDATE: TLS peer certificate validation bypass - debian/patches/CVE-2024-1351.patch: add SSL_CTX_set_verify() call in _setupSystemCA(), remove hasCA bypass in parseAndValidatePeerCertificate(), add tlsUseSystemCA server parameter, require either tlsCAFile or tlsUseSystemCA when TLS is enabled to prevent accepting peer connections without validating certificates. - CVE-2024-1351
Updated packages:
  • mongodb42_4.2.25-1+tuxcare.els3_amd64.deb
    sha:9ebaafae6d1b75cf78099d0cdca6bf1730c362f7
  • mongodb42-mongos_4.2.25-1+tuxcare.els3_amd64.deb
    sha:3b7366c325511aa8b5320b30b540149a2f44695f
  • mongodb42-server_4.2.25-1+tuxcare.els3_amd64.deb
    sha:a4b10402a96a7a5258d63ccad621265dffeae45d
  • mongodb42-shell_4.2.25-1+tuxcare.els3_amd64.deb
    sha:06a40a75372c72827b4150241d030bee6205b9a6
  • mongodb42_4.2.25-1+tuxcare.els3_arm64.deb
    sha:c984a85c51faeb527f8c43107393228d0727bde2
  • mongodb42-mongos_4.2.25-1+tuxcare.els3_arm64.deb
    sha:a9abf1722b3d1ae8c408e60565977497dd0a2813
  • mongodb42-server_4.2.25-1+tuxcare.els3_arm64.deb
    sha:954e07bfeb2010531510fb0cbd5766a67edc83e5
  • mongodb42-shell_4.2.25-1+tuxcare.els3_arm64.deb
    sha:3582067892fa9bf7b7a6a25f81bcfa3bdfd47ffe
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.