[CLSA-2026:1783591468] Fix CVE(s): CVE-2026-11933
Type:
security
Severity:
Important
Release date:
2026-07-09 10:04:45 UTC
Description:
* SECURITY UPDATE: Use-after-free in bsonObjToArray due to unowned BSON before array conversion - debian/patches/CVE-2026-11933.patch: Call getOwned() on the BSON object in bsonObjToArray before converting it to a JS array - CVE-2026-11933
CVEs fixed:
Updated packages:
  • mongodb6_6.0.26-1+tuxcare.els11_amd64.deb
    sha:354fa2dcd2e84a4fa19ee710240f41cefb7f44de
  • mongodb6-mongos_6.0.26-1+tuxcare.els11_amd64.deb
    sha:92dba8603a7afd1905fb9ad6203e32422ab0cf9e
  • mongodb6-server_6.0.26-1+tuxcare.els11_amd64.deb
    sha:95e241b5bb032f1bf017536dbac517c368bccdcb
  • mongodb6-shell_6.0.26-1+tuxcare.els11_amd64.deb
    sha:924781596776203d22bb1b7e72a44342f28dd7cb
  • mongodb6_6.0.26-1+tuxcare.els11_arm64.deb
    sha:97c666664aa372ba7c3e275a350fc1483c70562c
  • mongodb6-mongos_6.0.26-1+tuxcare.els11_arm64.deb
    sha:6715bc71d727e808ce345cff0e9cfc0fb9c8d875
  • mongodb6-server_6.0.26-1+tuxcare.els11_arm64.deb
    sha:b235dc9579da787caed40c07b4c1cb2b12f57d52
  • mongodb6-shell_6.0.26-1+tuxcare.els11_arm64.deb
    sha:78ac2787b2a575c635ba82201f6782bc7972577e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.