[CLSA-2026:1779831935] Fix CVE(s): CVE-2026-9256
Type:
security
Severity:
Low
Release date:
2026-05-27 09:10:56 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in ngx_http_rewrite_module via overlapping PCRE captures in rewrite replacement strings - debian/patches/CVE-2026-9256.patch: fix buffer size calculation per capture in src/http/ngx_http_script.c - CVE-2026-9256
Updated packages:
  • libnginx-mod-http-geoip-1.26_1.26.3-3~bookworm+tuxcare.els5_amd64.deb
    sha:2134ff417c3067e62f6fd69adbd8327e3f144e2b
  • libnginx-mod-http-image-filter-1.26_1.26.3-3~bookworm+tuxcare.els5_amd64.deb
    sha:46dd3711f2562ebe685f67c356dd2ad2b0237538
  • libnginx-mod-http-perl-1.26_1.26.3-3~bookworm+tuxcare.els5_amd64.deb
    sha:bf127f52cfd2cde452e4d4140a9de05a77748695
  • libnginx-mod-http-xslt-filter-1.26_1.26.3-3~bookworm+tuxcare.els5_amd64.deb
    sha:7b58239d36d75864c9787082a6969d7ae8128c5f
  • libnginx-mod-mail-1.26_1.26.3-3~bookworm+tuxcare.els5_amd64.deb
    sha:ecc357defd064bfe97b42ecd43f9d8eead2037d9
  • libnginx-mod-stream-1.26_1.26.3-3~bookworm+tuxcare.els5_amd64.deb
    sha:26846a51288822f6312b6675a7bd0607b9cf90ef
  • libnginx-mod-stream-geoip-1.26_1.26.3-3~bookworm+tuxcare.els5_amd64.deb
    sha:a5653f6388293ea41dc0ab90931ec44bd37edfff
  • nginx1.26_1.26.3-3~bookworm+tuxcare.els5_amd64.deb
    sha:d2e3996fa09cb561faf64039c558612b06425089
  • nginx1.26-common_1.26.3-3~bookworm+tuxcare.els5_all.deb
    sha:16faf53bba0a33b4172e9453d6e23f98838081fa
  • nginx1.26-dev_1.26.3-3~bookworm+tuxcare.els5_all.deb
    sha:172eb7df45a9048a9a22fbdbe42d95c51eb25630
  • nginx1.26-doc_1.26.3-3~bookworm+tuxcare.els5_all.deb
    sha:ee7a6f37c9f3b4a86def1a6884d7fdc8cf8383c5
  • libnginx-mod-http-geoip-1.26_1.26.3-3~bookworm+tuxcare.els5_arm64.deb
    sha:69ac24217dce2f31976a25b85f9f1ee1f9b870cf
  • libnginx-mod-http-image-filter-1.26_1.26.3-3~bookworm+tuxcare.els5_arm64.deb
    sha:c41e56fa41988050537e07b5fe425b612009bef7
  • libnginx-mod-http-perl-1.26_1.26.3-3~bookworm+tuxcare.els5_arm64.deb
    sha:fd935cf4884ab3b1c54febff5bcf567e731c18b5
  • libnginx-mod-http-xslt-filter-1.26_1.26.3-3~bookworm+tuxcare.els5_arm64.deb
    sha:7ff61aa205326efb77a955f68d2d18da122ac558
  • libnginx-mod-mail-1.26_1.26.3-3~bookworm+tuxcare.els5_arm64.deb
    sha:7035d376086ff2b72c56cfa74bda6e7e96d92029
  • libnginx-mod-stream-1.26_1.26.3-3~bookworm+tuxcare.els5_arm64.deb
    sha:2aee0fd943072e48f3291896f5368ba12e4be425
  • libnginx-mod-stream-geoip-1.26_1.26.3-3~bookworm+tuxcare.els5_arm64.deb
    sha:f530f40568ae5de717c661443363942de3dc363e
  • nginx1.26_1.26.3-3~bookworm+tuxcare.els5_arm64.deb
    sha:134aacfc557501051ce622d66f1f65ed9f40a375
  • nginx1.26-common_1.26.3-3~bookworm+tuxcare.els5_all.deb
    sha:16faf53bba0a33b4172e9453d6e23f98838081fa
  • nginx1.26-dev_1.26.3-3~bookworm+tuxcare.els5_all.deb
    sha:172eb7df45a9048a9a22fbdbe42d95c51eb25630
  • nginx1.26-doc_1.26.3-3~bookworm+tuxcare.els5_all.deb
    sha:ee7a6f37c9f3b4a86def1a6884d7fdc8cf8383c5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.