[CLSA-2026:1783693579] Fix CVE(s): CVE-2024-34161, CVE-2026-40460
Type:
security
Severity:
Moderate
Release date:
2026-07-13 11:29:40 UTC
Description:
* SECURITY UPDATE: Use-after-free in QUIC ngx_quic_buffer_t handling - debian/patches/CVE-2024-34161.patch: reset the last_chain field to NULL in ngx_quic_free_buffer so it no longer references freed chains and buffers after the buffer is freed, preventing a potential use-after-free - CVE-2024-34161
Updated packages:
  • nginx1.25_1.25.5-1~trixie+tuxcare.els12_amd64.deb
    sha:5cf2879e32d736cd00b071dac92901aefbba4675
  • nginx1.25_1.25.5-1~trixie+tuxcare.els12_arm64.deb
    sha:26924ce675220da790a306a29f6041d061eaba46
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.