[CLSA-2026:1779779509] Fix CVE(s): CVE-2026-42945
Type:
security
Severity:
Important
Release date:
2026-05-26 08:12:19 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in ngx_http_rewrite_module due to is_args flag not being cleared after a rewrite with arguments - debian/patches/CVE-2026-42945.patch: clear e->is_args after regex in src/http/ngx_http_script.c - CVE-2026-42945
Updated packages:
  • libnginx-mod-http-geoip-1.26_1.26.3-3~bookworm+tuxcare.els4_amd64.deb
    sha:f8dd41d191876543280202869b7b030d9b13b386
  • libnginx-mod-http-image-filter-1.26_1.26.3-3~bookworm+tuxcare.els4_amd64.deb
    sha:b2497a2f565b80dce715ba0135dfbdae0c62a5f1
  • libnginx-mod-http-perl-1.26_1.26.3-3~bookworm+tuxcare.els4_amd64.deb
    sha:db7cde32e15d0d4517f2631cf6c3ef86e58727ad
  • libnginx-mod-http-xslt-filter-1.26_1.26.3-3~bookworm+tuxcare.els4_amd64.deb
    sha:984208dde758c9072f52c4512f326205026d6c21
  • libnginx-mod-mail-1.26_1.26.3-3~bookworm+tuxcare.els4_amd64.deb
    sha:73cc69e4d16194e904a88ffafb8065b3a97d5782
  • libnginx-mod-stream-1.26_1.26.3-3~bookworm+tuxcare.els4_amd64.deb
    sha:3f52d9bfe266c7a1a3760e54f6cfe6e70c628517
  • libnginx-mod-stream-geoip-1.26_1.26.3-3~bookworm+tuxcare.els4_amd64.deb
    sha:274565321244c86dcaf7b36162b6d033693d4fa1
  • nginx1.26_1.26.3-3~bookworm+tuxcare.els4_amd64.deb
    sha:36bffa38ee70d7321f4aa878adc697a694fedf0c
  • nginx1.26-common_1.26.3-3~bookworm+tuxcare.els4_all.deb
    sha:324db050d9cc9884fbbd314028db20c3e25e66f7
  • nginx1.26-dev_1.26.3-3~bookworm+tuxcare.els4_all.deb
    sha:0d23f6c4987c42d4e3a0627234a533f36fa550e5
  • nginx1.26-doc_1.26.3-3~bookworm+tuxcare.els4_all.deb
    sha:a23461b47a97b00a01d034c1b7a484936095b837
  • libnginx-mod-http-geoip-1.26_1.26.3-3~bookworm+tuxcare.els4_arm64.deb
    sha:7094d16ee10948685a01252635c6d243a1384305
  • libnginx-mod-http-image-filter-1.26_1.26.3-3~bookworm+tuxcare.els4_arm64.deb
    sha:ac56e01b29f2de2a3cc77db89dcfde8c3ee71ab9
  • libnginx-mod-http-perl-1.26_1.26.3-3~bookworm+tuxcare.els4_arm64.deb
    sha:e22106785b7a711a6a7e6e63fa4247ab95b58162
  • libnginx-mod-http-xslt-filter-1.26_1.26.3-3~bookworm+tuxcare.els4_arm64.deb
    sha:4f6faf3064ade55b55c5eb9731351c53216843eb
  • libnginx-mod-mail-1.26_1.26.3-3~bookworm+tuxcare.els4_arm64.deb
    sha:eff169a55c72cce24202507f083904fe3871c8ac
  • libnginx-mod-stream-1.26_1.26.3-3~bookworm+tuxcare.els4_arm64.deb
    sha:74543d2e2fbcb809ffba12b3322cddb36d41d957
  • libnginx-mod-stream-geoip-1.26_1.26.3-3~bookworm+tuxcare.els4_arm64.deb
    sha:3d5f7b1be978da02e4260073f798e7f2a8ad2489
  • nginx1.26_1.26.3-3~bookworm+tuxcare.els4_arm64.deb
    sha:520f0f31f89b4e6953fb2a7fbd1a06794096c289
  • nginx1.26-common_1.26.3-3~bookworm+tuxcare.els4_all.deb
    sha:324db050d9cc9884fbbd314028db20c3e25e66f7
  • nginx1.26-dev_1.26.3-3~bookworm+tuxcare.els4_all.deb
    sha:0d23f6c4987c42d4e3a0627234a533f36fa550e5
  • nginx1.26-doc_1.26.3-3~bookworm+tuxcare.els4_all.deb
    sha:a23461b47a97b00a01d034c1b7a484936095b837
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.