[CLSA-2026:1779814759] Fix CVE(s): CVE-2026-9256
Type:
security
Severity:
Low
Release date:
2026-05-26 16:59:23 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in ngx_http_rewrite_module via overlapping PCRE captures in rewrite replacement strings - debian/patches/CVE-2026-9256.patch: fix buffer size calculation per capture in src/http/ngx_http_script.c - CVE-2026-9256
Updated packages:
  • libnginx-mod-http-geoip-1.26_1.26.3-3~trixie+tuxcare.els5_amd64.deb
    sha:cca75c6a0f134be7228e21da3fc8667471371bdf
  • libnginx-mod-http-image-filter-1.26_1.26.3-3~trixie+tuxcare.els5_amd64.deb
    sha:8a0ac12ca7acb46b3d42c96b40e061be2f7f7f2b
  • libnginx-mod-http-perl-1.26_1.26.3-3~trixie+tuxcare.els5_amd64.deb
    sha:8c1d744413e483148877a2ba7551862d6e37b636
  • libnginx-mod-http-xslt-filter-1.26_1.26.3-3~trixie+tuxcare.els5_amd64.deb
    sha:fa4d6455790d3bb27c4ce375025754040b0538b1
  • libnginx-mod-mail-1.26_1.26.3-3~trixie+tuxcare.els5_amd64.deb
    sha:b3e4be710de40f34fe9bfcaaaf746fead86310ff
  • libnginx-mod-stream-1.26_1.26.3-3~trixie+tuxcare.els5_amd64.deb
    sha:5773070e8f36f6ec1e526f28047421b2308a8223
  • libnginx-mod-stream-geoip-1.26_1.26.3-3~trixie+tuxcare.els5_amd64.deb
    sha:e3b35169ed7f0b8d3ef04258429c79b6a0c04172
  • nginx1.26_1.26.3-3~trixie+tuxcare.els5_amd64.deb
    sha:b84859ac170399d3c236d36b269c6960071ffd57
  • nginx1.26-common_1.26.3-3~trixie+tuxcare.els5_all.deb
    sha:047660bb84de8f3a437c556f515a5349ec999b74
  • nginx1.26-dev_1.26.3-3~trixie+tuxcare.els5_all.deb
    sha:c631258d3e0dfa43b6737a3ea03ac7b23ba84284
  • nginx1.26-doc_1.26.3-3~trixie+tuxcare.els5_all.deb
    sha:46a3467a6e93521db65492960313bbaca320a0e8
  • libnginx-mod-http-geoip-1.26_1.26.3-3~trixie+tuxcare.els5_arm64.deb
    sha:e22477500f3408ddddd150d0a11c14fa2d0fd907
  • libnginx-mod-http-image-filter-1.26_1.26.3-3~trixie+tuxcare.els5_arm64.deb
    sha:0f9710e78fbae1eb35b64704f25c82e4e48ef1d5
  • libnginx-mod-http-perl-1.26_1.26.3-3~trixie+tuxcare.els5_arm64.deb
    sha:2105b446ea82f56db0e25cbd4ad9870aacc0ca0d
  • libnginx-mod-http-xslt-filter-1.26_1.26.3-3~trixie+tuxcare.els5_arm64.deb
    sha:b388a795be469344d5864bab1c14cd1be3ca51b3
  • libnginx-mod-mail-1.26_1.26.3-3~trixie+tuxcare.els5_arm64.deb
    sha:43bf808a00fc1d747f770a2082fbac82ff092e7f
  • libnginx-mod-stream-1.26_1.26.3-3~trixie+tuxcare.els5_arm64.deb
    sha:ade673c1f53c2abaed98efbf2762b2c235f625b6
  • libnginx-mod-stream-geoip-1.26_1.26.3-3~trixie+tuxcare.els5_arm64.deb
    sha:8a95740c60715581dc2387da15c7107b805be180
  • nginx1.26_1.26.3-3~trixie+tuxcare.els5_arm64.deb
    sha:48963b459d9a28e47ba47b2b42dbde8b2d31ad8d
  • nginx1.26-common_1.26.3-3~trixie+tuxcare.els5_all.deb
    sha:047660bb84de8f3a437c556f515a5349ec999b74
  • nginx1.26-dev_1.26.3-3~trixie+tuxcare.els5_all.deb
    sha:c631258d3e0dfa43b6737a3ea03ac7b23ba84284
  • nginx1.26-doc_1.26.3-3~trixie+tuxcare.els5_all.deb
    sha:46a3467a6e93521db65492960313bbaca320a0e8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.