Release date:
2026-05-27 10:39:42 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in ngx_http_rewrite_module via
overlapping PCRE captures in rewrite directives
- debian/patches/CVE-2026-9256.patch: fix buffer size calculation in
ngx_http_script_regex_start_code to account for overlapping captures
- CVE-2026-9256
Updated packages:
-
nginx1.21_1.21.6-1~trixie+tuxcare.els7_amd64.deb
sha:a37625fded00461276dd3330fdefaa14cb8dea26
-
nginx1.21_1.21.6-1~trixie+tuxcare.els7_arm64.deb
sha:c7c4cc79becb14655d2f16e8799ff866438f4668
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
