[CLSA-2026:1783693393] Fix CVE(s): CVE-2026-6915
Type:
security
Severity:
Moderate
Release date:
2026-07-10 14:23:29 UTC
Description:
* SECURITY UPDATE: Missing authorization check when updating a user's SCRAM authentication mechanisms - debian/patches/CVE-2026-6915.patch: require changePassword (or changeOwnPassword on self) authorization before allowing the mechanisms field to be changed in checkAuthForUpdateUserCommand in src/mongo/db/commands/user_management_commands_common.cpp; add coverage in jstests/auth/user_management_commands_mechanisms.js - CVE-2026-6915
CVEs fixed:
Updated packages:
  • mongodb42_4.2.25-1+tuxcare.els14_amd64.deb
    sha:091e56fb1555e0335bbbb4862ef59b8c70d1a652
  • mongodb42-mongos_4.2.25-1+tuxcare.els14_amd64.deb
    sha:598a199245c0984e01b881597b5c8e0c0c2caea9
  • mongodb42-server_4.2.25-1+tuxcare.els14_amd64.deb
    sha:d8b84f3cac99fb4d9a42a5208a54477fe2a9a9eb
  • mongodb42-shell_4.2.25-1+tuxcare.els14_amd64.deb
    sha:f47251bfbe114d35cad6201c7eb6b16bdb8d0b82
  • mongodb42_4.2.25-1+tuxcare.els14_arm64.deb
    sha:ee92312949cf40e5d21ff1f7f0039253234b603c
  • mongodb42-mongos_4.2.25-1+tuxcare.els14_arm64.deb
    sha:9cb24e1fc94546b7310a5b84436fcc3b07400c38
  • mongodb42-server_4.2.25-1+tuxcare.els14_arm64.deb
    sha:df7533c91b4ede2abe09ee5e9567719cd00f01d7
  • mongodb42-shell_4.2.25-1+tuxcare.els14_arm64.deb
    sha:faaa2f1fd93c815b0b8ac2b3de0b786716146739
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.