[CLSA-2026:1783791998] nginx: Fix of CVE-2026-49975
Type:
security
Severity:
Important
Release date:
2026-07-11 17:46:52 UTC
Description:
- CVE-2026-49975: add max_headers directive (default 1000) to cap HTTP/2 request-header memory exhaustion (HTTP/2 Bomb)
CVEs fixed:
Updated packages:
  • nginx-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:478fcb00778afe261e4bdcd321dacdd853e899a979c3d8bf3556d98a029b0cfe
  • nginx-all-modules-1.20.1-10.el7.tuxcare.els5.noarch.rpm
    sha:31ec02886b9814a2fccb394a7e4d84020eb0a8cf301b8f4c98fcd6357748d0bd
  • nginx-filesystem-1.20.1-10.el7.tuxcare.els5.noarch.rpm
    sha:3acac7a925adb9f87ea6f2f79b8e96df98613a647ba0cbd06d5a18a9d06ae643
  • nginx-mod-devel-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:6734f30417c4ddf769c0153362c67abd6d618db58836992fa30185abc0d141e8
  • nginx-mod-http-image-filter-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:47cd3b8f468db7347b86cf7d1124dba65206156aa9f0f69a3b2c9979d87596d1
  • nginx-mod-http-perl-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:b53b6353572b217e0d5f227b9e1c9c91c385c113790604603d42dd729831c3f6
  • nginx-mod-http-xslt-filter-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:383112ba983a73a714ff38e04a8276a53749ba896f5a79bf98efb4cd091a8b48
  • nginx-mod-mail-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:0da681725d94ebc117c1e26c207c5997c8a8b45f9b8a15260d34ef36010f5980
  • nginx-mod-stream-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:b2ae4ff7aa0f04e35033ed625cc2a13341fdcf10702daaa956197bd7ed9782c1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.