Release date:
2026-05-26 08:10:31 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in ngx_http_rewrite_module
when rewrite is followed by rewrite/if/set with an unnamed PCRE
capture and a replacement string containing '?'
- debian/patches/CVE-2026-42945.patch: clear is_args flag in
ngx_http_script_regex_end_code to prevent state leak across
rewrite/set/if
- CVE-2026-42945
Updated packages:
-
nginx1.23_1.23.4-1~bookworm+tuxcare.els5_amd64.deb
sha:848a460c5d6b4253b70282ed9bdae9c025aec90d
-
nginx1.23_1.23.4-1~bookworm+tuxcare.els5_arm64.deb
sha:9a48ac79e6b1636b45cf41ddb54ee1d7cfff2862
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
