Release date:
2026-05-27 15:52:23 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in ngx_http_rewrite_module via
overlapping PCRE captures in rewrite directives
- debian/patches/CVE-2026-9256.patch: fix buffer size calculation in
ngx_http_script_regex_start_code to account for overlapping captures
- CVE-2026-9256
Updated packages:
-
nginx1.21_1.21.6-1~bookworm+tuxcare.els7_amd64.deb
sha:c3b98edee15356dc2e6f3a97d94cb78847de59f2
-
nginx1.21_1.21.6-1~bookworm+tuxcare.els7_arm64.deb
sha:31571239d7c45e4138ec917872e48a1f81647daf
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
