Release date:
2026-07-15 15:58:50 UTC
Description:
* SECURITY UPDATE: Incomplete authorization check for the profile command
misclassifies a filter-altering request as read-only
- debian/patches/CVE-2026-25609.patch: consider 'filter' in the profile
command authorization check so that a {profile: -1, filter: ...} request
requires enableProfiler instead of only find on system.profile
- CVE-2026-25609
Updated packages:
-
mongodb44_4.4.29-1+tuxcare.els12_amd64.deb
sha:6ba55a2ac4f6c02ac6447eff5a0f73617bccca43
-
mongodb44-mongos_4.4.29-1+tuxcare.els12_amd64.deb
sha:dbabc8a5b82be3255b328543863d0bde1d08b253
-
mongodb44-server_4.4.29-1+tuxcare.els12_amd64.deb
sha:27c85046bc0dcbad2da9a2305af4d219edc4ff03
-
mongodb44-shell_4.4.29-1+tuxcare.els12_amd64.deb
sha:870dead424b611a6dbc47c7f2f47aa0bc151b808
-
mongodb44_4.4.29-1+tuxcare.els12_arm64.deb
sha:13c684eb4b2a134246b6bb663ddcb7f0cb74d13f
-
mongodb44-mongos_4.4.29-1+tuxcare.els12_arm64.deb
sha:6a31dce8a8fca05241b014c9837f28d2366dd9e5
-
mongodb44-server_4.4.29-1+tuxcare.els12_arm64.deb
sha:cd86e0a0427ed341cbbc16e7d21489153f0f4571
-
mongodb44-shell_4.4.29-1+tuxcare.els12_arm64.deb
sha:a3917cfa8001b34c7a30cade90448bdc67486af1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.