Release date:
2026-05-27 15:50:24 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in ngx_http_rewrite_module with
overlapping PCRE captures
- debian/patches/CVE-2026-9256.patch: account per-capture escape sizing
in ngx_http_script_regex_start_code so the allocated buffer matches
the replacement length when captures overlap
- CVE-2026-9256
Updated packages:
-
nginx1.25_1.25.5-1~bookworm+tuxcare.els5_amd64.deb
sha:f479c06386dedd467cafad7ae5430c4106b70d80
-
nginx1.25_1.25.5-1~bookworm+tuxcare.els5_arm64.deb
sha:c35d0c8d82d25e5fed3e031669d4f24398909adc
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
