Release date:
2026-07-06 11:49:06 UTC
Description:
* SECURITY UPDATE: buffer over-read in ngx_http_charset_recode_from_utf8()
when a multi-byte UTF-8 character is split across 3+ single-byte buffers,
where the saved-array index was used both as the ngx_utf8_decode() byte
count and the ngx_memcpy() copy length, reading past the input buffer
- debian/patches/CVE-2026-42934.patch: use ngx_min() to bound the copy
length and pass the byte count instead of the loop index, and adjust
the advanced pointer up to the whole saved sequence to avoid a residual
1-byte overread on invalid UTF-8 sequences in
src/http/modules/ngx_http_charset_filter_module.c
- CVE-2026-42934
Updated packages:
-
nginx1.27_1.27.5-1~trixie+tuxcare.els8_amd64.deb
sha:f24ebea59ccbffd5cda9d1585722121bf29dfcc7
-
nginx1.27_1.27.5-1~trixie+tuxcare.els8_arm64.deb
sha:f1f2becfe84419ec6896c5a8b08ea29e882ba3ca
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.