[CLSA-2026:1783942005] Fix CVE(s): CVE-2026-40701
Type:
security
Severity:
Moderate
Release date:
2026-07-13 11:27:01 UTC
Description:
* SECURITY UPDATE: use-after-free in ngx_event_openssl_stapling when a client SSL connection is terminated while resolving an OCSP responder, leaving the resolve context un-freed on resolve completion - debian/patches/CVE-2026-40701.patch: track the resolve context on the OCSP context and release it via ngx_resolve_name_done() on connection close in src/event/ngx_event_openssl_stapling.c - CVE-2026-40701
CVEs fixed:
Updated packages:
  • nginx1.27_1.27.5-1~trixie+tuxcare.els13_amd64.deb
    sha:c0f6c4f5151d22dbd983d083f0badf859c82d126
  • nginx1.27_1.27.5-1~trixie+tuxcare.els13_arm64.deb
    sha:4d16df757415fbd840620f3adec494d35517b7c1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.