Release date:
2026-04-25 09:02:48 UTC
Description:
* SECURITY UPDATE: uninitialized stack memory disclosure via filemd5 command
- debian/patches/CVE-2026-4147.patch: zero-initialize md5_state_t in
md5_init() to prevent leaking uninitialized buf[64] field via the
md5state response field when partialOk: true is set
- CVE-2026-4147
Updated packages:
-
mongodb42_4.2.25-1+tuxcare.els7_amd64.deb
sha:657ef9ebb6e2ffafbb3d83ab185c9d1c27779cb5
-
mongodb42-mongos_4.2.25-1+tuxcare.els7_amd64.deb
sha:31ab11e0a9b650baa47e70ff01b6f2aa91b2c729
-
mongodb42-server_4.2.25-1+tuxcare.els7_amd64.deb
sha:5b2057a7d8dfe6739a984cdec6e8b80521105fbc
-
mongodb42-shell_4.2.25-1+tuxcare.els7_amd64.deb
sha:5af3fa0c056a5762d8892b604a9f763326ce84ea
-
mongodb42_4.2.25-1+tuxcare.els7_arm64.deb
sha:fe8c508bebd27b30d456534ff75afa5743ba9fbe
-
mongodb42-mongos_4.2.25-1+tuxcare.els7_arm64.deb
sha:532ec3120dd87e3b92bbe95e4b2dd7f701321bf8
-
mongodb42-server_4.2.25-1+tuxcare.els7_arm64.deb
sha:98ac2c2e4010d1ec5f645ce5c4bd43a8cc0f96f2
-
mongodb42-shell_4.2.25-1+tuxcare.els7_arm64.deb
sha:0a27b53ccca2f5c710d5e66d35e612dff16d0c90
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
