Debian alert DLA-4438-1 (mongo-c-driver)

From:
             
 
"Roberto C. Sánchez" <roberto@debian.org>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 4438-1] mongo-c-driver security update
Date:
             
 
Wed, 14 Jan 2026 11:56:27 -0500
Message-ID:
             
 
<aWfKu8yYvwzUSjqF@localhost>
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4438-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                  Roberto C. Sánchez
January 14, 2026                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : mongo-c-driver
Version        : 1.17.6-1+deb11u2
CVE ID         : CVE-2025-12119

A vulnerability has been discovered in mongo-c-driver, the MongoDB C
client library. If large options are passed, mongoc_bulk_operation_t may
read invalid memory.

For Debian 11 bullseye, this problem has been fixed in version
1.17.6-1+deb11u2.

We recommend that you upgrade your mongo-c-driver packages.

For the detailed security status of mongo-c-driver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mongo-c-driver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAmlnyroACgkQldFmTdL1
kUJGEA/+LsAKTeL9dEQ5FJXFNsV40jky+OaLZZjHYx5r/P0K1AiNyd9Z5eAxk+5w
0pVX3YS12Vpb5QQBk7WepZSok7MQF3bzOoczhVMDEkUxlOyXtctY1Dx0HF0DsaKA
XTO+mKiG4RWkp2Lv2ISaoKS/FllB3slOM78o/nFrnSXTIn8wZ8dpRF8tQhczS7yT
tYz571xfFZDPEnJZvPcYY8uX2onOCEMgb2735iJ/iO0gT7Npi9+kjPo3Ffl/HA2L
+DjWNLw6YueRc5gyLZbJHL6Epw4racXuqXP6CtgHeu5KbcdQnsiKnwDKPUuwHlYs
yAjFQ864N2JB7BmbqQp5SjNTjUyytpkXJ0LRDjXfqKheQEBhT2DYRdcvd2F4toF0
ciMsuDaFqnCgM4/vaS3CnVjk7X5sHYjtHvD0N9xVt8BwUfdsSuWODrjRezms8YX8
hu0QDCxAYUwRR7+fk3FSrF0ZrsgrgkK0BEkHGDMKJ99X4/3gCklraKwst4cRX7Eu
sLbYsL557317Uo8G9QRuberOlf/+dsr82HhQJFKDE69/0M6VMSYlST44XdAUoqJa
/9n6F8iVRJEOpAUReEE2JuxEj/ucidfRbylgLqDgljtL8En+RBxZdjT9hbkgxObz
3xNK5NaGEb+rzfsgcfYDb5G+ThbtBSOqkj00w72KKWjSaskA95k=
=Zg4l
-----END PGP SIGNATURE-----