Release date:
2026-04-19 13:57:20 UTC
Description:
* SECURITY UPDATE: Double-free/use-after-free in SBE hash lookup when
duplicate key causes spilling during $lookup aggregation
- debian/patches/CVE-2026-4358.patch: Remove MaterializedRow local variable
in addHashTableEntry() that wrongly takes ownership of view values before
spilling, causing double-free when the destructor runs
- CVE-2026-4358
Updated packages:
-
mongodb6_6.0.26-1+tuxcare.els6_amd64.deb
sha:60eb6d79189f8d765c68b338911262378e5685b8
-
mongodb6-mongos_6.0.26-1+tuxcare.els6_amd64.deb
sha:6bd04588559ecef98cccbb1e6b26cfd578858ed0
-
mongodb6-server_6.0.26-1+tuxcare.els6_amd64.deb
sha:cfa5e4eb853557dcc711821688690d96919f6bdb
-
mongodb6-shell_6.0.26-1+tuxcare.els6_amd64.deb
sha:c65f788fb10c6f4f3c026cd0879347c208e2e8f4
-
mongodb6_6.0.26-1+tuxcare.els6_arm64.deb
sha:8c474de774c13b5495d29d96166c9eededa561fe
-
mongodb6-mongos_6.0.26-1+tuxcare.els6_arm64.deb
sha:60e6ce96a549ea40c9c366c1694c70f10b5680ec
-
mongodb6-server_6.0.26-1+tuxcare.els6_arm64.deb
sha:18025d559a313d0f3266a81e2eff46d798179266
-
mongodb6-shell_6.0.26-1+tuxcare.els6_arm64.deb
sha:7cbb79d33b69f6a30d9542d51db1fb526a78c520
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
