Release date:
2026-07-13 11:17:00 UTC
Description:
* SECURITY UPDATE: Use-after-free in QUIC ngx_quic_buffer_t handling
- debian/patches/CVE-2024-34161.patch: reset the last_chain field to
NULL in ngx_quic_free_buffer so it no longer references freed chains
and buffers after the buffer is freed, preventing a potential
use-after-free
- CVE-2024-34161
Updated packages:
-
nginx1.25_1.25.5-1~bookworm+tuxcare.els12_amd64.deb
sha:d86fb87327b8e2b5948e9d9354b84bc401f8b29c
-
nginx1.25_1.25.5-1~bookworm+tuxcare.els12_arm64.deb
sha:56086413caae6e84624148febf09dba1cfd3f6d3
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.