Release date:
2026-03-17 17:31:39 UTC
Description:
* SECURITY UPDATE: Unauthenticated heap memory disclosure via mismatched
zlib compressed protocol headers (MongoBleed)
- debian/patches/CVE-2025-14847.patch: Return actual decompressed size
instead of buffer size in ZlibMessageCompressor::decompressData
- CVE-2025-14847
Updated packages:
-
mongodb_3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+tuxcare.els1_amd64.deb
sha:69bb435e1d8be9d53950716e8ab17e2dafe1de22
-
mongodb-clients_3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+tuxcare.els1_amd64.deb
sha:e71f490e4d18bc44586d3833560db665b42c9e56
-
mongodb-server_3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+tuxcare.els1_all.deb
sha:251f8d81b00822281338ec13eb0c85d12c7ac513
-
mongodb-server-core_3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3+tuxcare.els1_amd64.deb
sha:d23b2c92eaa0cae35bff3948457254ecf296c95e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
