Release date:
2026-05-27 10:42:22 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in ngx_http_rewrite_module with
overlapping PCRE captures
- debian/patches/CVE-2026-9256.patch: account per-capture escape sizing
in ngx_http_script_regex_start_code so the allocated buffer matches
the replacement length when captures overlap
- CVE-2026-9256
Updated packages:
-
nginx1.25_1.25.5-1~trixie+tuxcare.els5_amd64.deb
sha:61664b3dbd40830c0a43cf1df1e31f689f62d621
-
nginx1.25_1.25.5-1~trixie+tuxcare.els5_arm64.deb
sha:2369ebd2952dcc39f8aaa6ac953046367ccd12c6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
