[CLSA-2026:1784131117] Fix CVE(s): CVE-2026-25609
Type:
security
Severity:
Moderate
Release date:
2026-07-15 15:58:50 UTC
Description:
* SECURITY UPDATE: Incomplete authorization check for the profile command misclassifies a filter-altering request as read-only - debian/patches/CVE-2026-25609.patch: consider 'filter' in the profile command authorization check so that a {profile: -1, filter: ...} request requires enableProfiler instead of only find on system.profile - CVE-2026-25609
CVEs fixed:
Updated packages:
  • mongodb44_4.4.29-1+tuxcare.els12_amd64.deb
    sha:6ba55a2ac4f6c02ac6447eff5a0f73617bccca43
  • mongodb44-mongos_4.4.29-1+tuxcare.els12_amd64.deb
    sha:dbabc8a5b82be3255b328543863d0bde1d08b253
  • mongodb44-server_4.4.29-1+tuxcare.els12_amd64.deb
    sha:27c85046bc0dcbad2da9a2305af4d219edc4ff03
  • mongodb44-shell_4.4.29-1+tuxcare.els12_amd64.deb
    sha:870dead424b611a6dbc47c7f2f47aa0bc151b808
  • mongodb44_4.4.29-1+tuxcare.els12_arm64.deb
    sha:13c684eb4b2a134246b6bb663ddcb7f0cb74d13f
  • mongodb44-mongos_4.4.29-1+tuxcare.els12_arm64.deb
    sha:6a31dce8a8fca05241b014c9837f28d2366dd9e5
  • mongodb44-server_4.4.29-1+tuxcare.els12_arm64.deb
    sha:cd86e0a0427ed341cbbc16e7d21489153f0f4571
  • mongodb44-shell_4.4.29-1+tuxcare.els12_arm64.deb
    sha:a3917cfa8001b34c7a30cade90448bdc67486af1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.