[CLSA-2026:1783791996] nginx: Fix of CVE-2026-49975
Type:
security
Severity:
Important
Release date:
2026-07-12 19:22:39 UTC
Description:
- CVE-2026-49975: add max_headers directive (default 1000) to cap HTTP/2 request-header memory exhaustion (HTTP/2 Bomb)
CVEs fixed:
Updated packages:
  • nginx-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:2b47ea1bd587392c09e0e74febc03896f50290fc21f907c39d85dbbf2e5445e6
  • nginx-all-modules-1.20.1-10.el7.tuxcare.els5.noarch.rpm
    sha:b99f854ca16a19e14f25db42a988b146312ad96cb72a42e87ab21189ab31aad1
  • nginx-filesystem-1.20.1-10.el7.tuxcare.els5.noarch.rpm
    sha:aa8de07e3fdaea8f634a4ddabf36d320985af2b71406505ef3931b6e6d634489
  • nginx-mod-devel-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:b5726fddb199cde2881897482bdf91856700e553d4343abc46591c31a0cfca7a
  • nginx-mod-http-image-filter-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:56646759340e4f083f6f574bd5f9d0dd08776301c7eaff6cf3e2b7078539b58f
  • nginx-mod-http-perl-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:390243b7b5335db30183fcecaa856da4a325b92f82159bd5bc2ea82d857c1a21
  • nginx-mod-http-xslt-filter-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:74385c2ec2ab978c8e0f467390ddec50cd5b7a6a479c9a4272fa0e3cdfdb56c7
  • nginx-mod-mail-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:a55a8c8d169ecf37f53ad2fd19f700e7be902d5941b3126bfed5c1dce3ac46cc
  • nginx-mod-stream-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:4629fda5752403f383919e04d6803543a502ec9eee1dc8af96587c588b5b4040
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.