Release date:
2026-07-13 11:29:40 UTC
Description:
* SECURITY UPDATE: Use-after-free in QUIC ngx_quic_buffer_t handling
- debian/patches/CVE-2024-34161.patch: reset the last_chain field to
NULL in ngx_quic_free_buffer so it no longer references freed chains
and buffers after the buffer is freed, preventing a potential
use-after-free
- CVE-2024-34161
Updated packages:
-
nginx1.25_1.25.5-1~trixie+tuxcare.els12_amd64.deb
sha:5cf2879e32d736cd00b071dac92901aefbba4675
-
nginx1.25_1.25.5-1~trixie+tuxcare.els12_arm64.deb
sha:26924ce675220da790a306a29f6041d061eaba46
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.