Release date:
2026-07-10 14:23:29 UTC
Description:
* SECURITY UPDATE: Missing authorization check when updating a user's SCRAM
authentication mechanisms
- debian/patches/CVE-2026-6915.patch: require changePassword (or
changeOwnPassword on self) authorization before allowing the mechanisms
field to be changed in checkAuthForUpdateUserCommand in
src/mongo/db/commands/user_management_commands_common.cpp; add coverage
in jstests/auth/user_management_commands_mechanisms.js
- CVE-2026-6915
Updated packages:
-
mongodb42_4.2.25-1+tuxcare.els14_amd64.deb
sha:091e56fb1555e0335bbbb4862ef59b8c70d1a652
-
mongodb42-mongos_4.2.25-1+tuxcare.els14_amd64.deb
sha:598a199245c0984e01b881597b5c8e0c0c2caea9
-
mongodb42-server_4.2.25-1+tuxcare.els14_amd64.deb
sha:d8b84f3cac99fb4d9a42a5208a54477fe2a9a9eb
-
mongodb42-shell_4.2.25-1+tuxcare.els14_amd64.deb
sha:f47251bfbe114d35cad6201c7eb6b16bdb8d0b82
-
mongodb42_4.2.25-1+tuxcare.els14_arm64.deb
sha:ee92312949cf40e5d21ff1f7f0039253234b603c
-
mongodb42-mongos_4.2.25-1+tuxcare.els14_arm64.deb
sha:9cb24e1fc94546b7310a5b84436fcc3b07400c38
-
mongodb42-server_4.2.25-1+tuxcare.els14_arm64.deb
sha:df7533c91b4ede2abe09ee5e9567719cd00f01d7
-
mongodb42-shell_4.2.25-1+tuxcare.els14_arm64.deb
sha:faaa2f1fd93c815b0b8ac2b3de0b786716146739
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.