Release date:
2026-05-26 07:09:28 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in ngx_http_rewrite_module
when rewrite is followed by rewrite/if/set with an unnamed PCRE
capture and a replacement string containing '?'
- debian/patches/CVE-2026-42945.patch: clear is_args flag in
ngx_http_script_regex_end_code to prevent state leak across
rewrite/set/if
- CVE-2026-42945
Updated packages:
-
nginx1.23_1.23.4-1~trixie+tuxcare.els5_amd64.deb
sha:54573a0c9bc41b0c0ecd173e445552561fcdd67f
-
nginx1.23_1.23.4-1~trixie+tuxcare.els5_arm64.deb
sha:dc7a13bd8be62afa94b2205b8b6a6e5558b1b1ef
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
