Release date:
2026-03-17 14:31:37 UTC
Description:
* SECURITY UPDATE: Unauthenticated heap memory disclosure via mismatched
zlib compressed protocol headers (MongoBleed)
- debian/patches/CVE-2025-14847.patch: Return actual decompressed size
instead of buffer size in ZlibMessageCompressor::decompressData
- CVE-2025-14847
Updated packages:
-
mongodb_3.6.3-0ubuntu1.4+tuxcare.els1_amd64.deb
sha:515526d197e40f6752b0f5e293855544ceb4d88d
-
mongodb-clients_3.6.3-0ubuntu1.4+tuxcare.els1_amd64.deb
sha:f577ec7df2df5ed9ad1d5aeb483e0d3b837ac976
-
mongodb-server_3.6.3-0ubuntu1.4+tuxcare.els1_all.deb
sha:db3cd3c380181ff430f90110a5ea097cc1f446ee
-
mongodb-server-core_3.6.3-0ubuntu1.4+tuxcare.els1_amd64.deb
sha:99534a7f6a247bd438a00e5460a6b1c0a91633fc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
