[CLSA-2026:1783702327] Fix CVE(s): CVE-2026-4147, CVE-2026-6915
Type:
security
Severity:
Moderate
Release date:
2026-07-10 16:52:28 UTC
Description:
* SECURITY UPDATE: Information disclosure via uninitialized MD5 hash state returned by filemd5 with partialOk - debian/patches/CVE-2026-4147.patch: Zero-initialize the md5_state_t struct in md5_init() in src/mongo/util/md5.cpp so the padding of the md5state returned by filemd5 partialOk is not leaked - CVE-2026-4147
Updated packages:
  • mongodb6_6.0.26-1+tuxcare.els14_amd64.deb
    sha:0c445100b71856602ec360e8107576d074ab6833
  • mongodb6-mongos_6.0.26-1+tuxcare.els14_amd64.deb
    sha:80441c31fc22d496048000679e10619fd2b2f64b
  • mongodb6-server_6.0.26-1+tuxcare.els14_amd64.deb
    sha:db475a39cb46dbf11fc7d83e9503575c421af2de
  • mongodb6-shell_6.0.26-1+tuxcare.els14_amd64.deb
    sha:f94da8bdcd5d831c3ff5b59f3319ab4893617d7e
  • mongodb6_6.0.26-1+tuxcare.els14_arm64.deb
    sha:89dc1626137f5f48bf4d45c9836c84879e9b0669
  • mongodb6-mongos_6.0.26-1+tuxcare.els14_arm64.deb
    sha:8c4dd06a9608ca4b9a9940176a7a6cf96a421460
  • mongodb6-server_6.0.26-1+tuxcare.els14_arm64.deb
    sha:510a0d1195e50506669ce6b541142ca699413498
  • mongodb6-shell_6.0.26-1+tuxcare.els14_arm64.deb
    sha:95156588a278e11db2b2d564db174136548b8b83
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.