[CLSA-2026:1784130253] Fix CVE(s): CVE-2026-25609
Type:
security
Severity:
Moderate
Release date:
2026-07-15 15:44:29 UTC
Description:
* SECURITY UPDATE: Incomplete authorization check for the profile command misclassifies a filter-altering request as read-only - debian/patches/CVE-2026-25609.patch: consider 'filter' in the profile command authorization check so that a {profile: -1, filter: ...} request requires enableProfiler instead of only find on system.profile - CVE-2026-25609
CVEs fixed:
Updated packages:
  • mongodb44_4.4.29-1+tuxcare.els12_amd64.deb
    sha:6ba55a2ac4f6c02ac6447eff5a0f73617bccca43
  • mongodb44-mongos_4.4.29-1+tuxcare.els12_amd64.deb
    sha:be7c7bd9e01e32edb472a4d0db7474f6b566a167
  • mongodb44-server_4.4.29-1+tuxcare.els12_amd64.deb
    sha:eba93a3b50581f066442dacd433f69b06f558c59
  • mongodb44-shell_4.4.29-1+tuxcare.els12_amd64.deb
    sha:41db854d577dda889797cbff71ffd77c435602f6
  • mongodb44_4.4.29-1+tuxcare.els12_arm64.deb
    sha:13c684eb4b2a134246b6bb663ddcb7f0cb74d13f
  • mongodb44-mongos_4.4.29-1+tuxcare.els12_arm64.deb
    sha:1629962de2b70d459647f883222e8a1e0475213a
  • mongodb44-server_4.4.29-1+tuxcare.els12_arm64.deb
    sha:9f274c043be81d1d67c3673d4b90b6b3725ee6c9
  • mongodb44-shell_4.4.29-1+tuxcare.els12_arm64.deb
    sha:ff75414d0af993403918c1b70d1753b3d5a1ad5c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.