[CLSA-2026:1776079430] Fix CVE(s): CVE-2025-10061, CVE-2025-14847
Type:
security
Severity:
Low
Release date:
2026-04-13 11:23:54 UTC
Description:
* SECURITY UPDATE: Unauthenticated heap memory disclosure via Zlib compressed protocol headers
  - debian/patches/CVE-2025-14847.patch: return actual decompressed length from ZlibMessageCompressor::decompressData() instead of the full buffer size, preventing uninitialized heap memory from being sent to clients
  - CVE-2025-14847
* SECURITY UPDATE: Server crash via specially crafted $group query with $doingMerge
  - debian/patches/CVE-2025-10061.patch: replace invariant/verify assertions with uassert in accumulator merging pass to return a user error instead of crashing when $doingMerge is used with mismatched input types
  - CVE-2025-10061
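The CVE-2025-14847 fix described above, modelled as an added Python illustration (not the patch and not MongoDB code): a decompressor that reports the full buffer size lets stale buffer contents trail the real message, while one that reports the actual decompressed length does not. All function names and the sample data are hypothetical, and the pre-filled buffer is a stand-in for uninitialized heap memory.

```python
import zlib

# Constructed stand-in for data left in a reused heap allocation.
STALE = b"<leftover bytes from an earlier request>"

def new_buffer(capacity: int) -> bytearray:
    """Model an uninitialized allocation: it still holds old contents."""
    return bytearray((STALE * (capacity // len(STALE) + 1))[:capacity])

def _inflate_into(compressed: bytes, out: bytearray) -> int:
    """Inflate into `out`; return the number of bytes actually written."""
    d = zlib.decompressobj()
    data = d.decompress(compressed, len(out) + 1)  # one spare byte detects overflow
    if len(data) > len(out) or not d.eof:
        raise ValueError("stream is truncated or does not fit the buffer")
    out[:len(data)] = data
    return len(data)

def decompress_data_before(compressed: bytes, out: bytearray) -> int:
    """Pre-patch behaviour per the advisory: report the full buffer size."""
    _inflate_into(compressed, out)
    return len(out)

def decompress_data_after(compressed: bytes, out: bytearray) -> int:
    """Patched behaviour per the advisory: report the actual decompressed length."""
    return _inflate_into(compressed, out)

def message_as_seen(decompress, compressed: bytes, capacity: int) -> bytes:
    """What downstream code treats as the message: buffer[:returned length]."""
    out = new_buffer(capacity)
    return bytes(out[:decompress(compressed, out)])

def demo():
    payload = b'{"ping": 1}'  # constructed sample message
    wire = zlib.compress(payload)
    before = message_as_seen(decompress_data_before, wire, 64)
    after = message_as_seen(decompress_data_after, wire, 64)
    return payload, before, after

if __name__ == "__main__":
    payload, before, after = demo()
    print("before:", before)
    print("after: ", after)
```
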
Updated packages:
  • mongodb44_4.4.29-1+tuxcare.els5_amd64.deb
    sha:9a572c226c7199fd4451a6a64906376ae75eba09
  • mongodb44-mongos_4.4.29-1+tuxcare.els5_amd64.deb
    sha:efc4218385974c40c6d73b9f625864c616edba9f
  • mongodb44-server_4.4.29-1+tuxcare.els5_amd64.deb
    sha:06992ab993a63b76548a6879aabb8cbb5e52da06
  • mongodb44-shell_4.4.29-1+tuxcare.els5_amd64.deb
    sha:98a09392421a6130be674eb76448fc8c0d1a6340
  • mongodb44_4.4.29-1+tuxcare.els5_arm64.deb
    sha:f3b2cabd132d552e5d22f6c4e26b00eadb797544
  • mongodb44-mongos_4.4.29-1+tuxcare.els5_arm64.deb
    sha:0ef22ca19d51ffed9d49c369e6718d6746c2e0ee
  • mongodb44-server_4.4.29-1+tuxcare.els5_arm64.deb
    sha:65c0247f7c12d6cff88d2e434a4e129a8022b90f
  • mongodb44-shell_4.4.29-1+tuxcare.els5_arm64.deb
    sha:6fa8dc3e062eb431b308ed3ef1f17afb5405da40
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.