[CLSA-2026:1779804603] Fix CVE(s): CVE-2026-9256
Type:
security
Severity:
Low
Release date:
2026-05-26 14:10:17 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in ngx_http_rewrite_module via overlapping PCRE captures in replacement strings - debian/patches/CVE-2026-9256.patch: recompute buffer length per capture (including escaping) in ngx_http_script_regex_start_code to prevent buffer overrun when redirect parameter is used or arguments appear in the rewrite replacement string - CVE-2026-9256
Updated packages:
  • libnginx-mod-http-auth-pam_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:db01a435985144418c4579c4190f642d31295b6e
  • libnginx-mod-http-cache-purge_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:4fc609b0a0952e2ce19da031cd3c98d2ede80029
  • libnginx-mod-http-dav-ext_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:5bec9c8e60ccf8e3548dec61ac66b676dee8f3a6
  • libnginx-mod-http-echo_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:e157654bb32f1262d3b84c409921e1ef4516616d
  • libnginx-mod-http-fancyindex_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:e987977241ecf23f7023af77acaae26a580eef88
  • libnginx-mod-http-geoip_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:7c4686927c55705cabf4a0debfef3302ad913a66
  • libnginx-mod-http-headers-more-filter_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:e7b9b8676ad43cc3098fdd081fa92b3abe372526
  • libnginx-mod-http-image-filter_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:1bbcc0277a8e564a8a89cedd8cec434359fb1961
  • libnginx-mod-http-lua_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:fece6d2ecef1c71b0dcf789be8cde63332a1a6f2
  • libnginx-mod-http-ndk_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:9056d26ddc94e046b0077162b28429deaf1c5c7d
  • libnginx-mod-http-perl_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:728f0c8583cf5fc779a887097dea79d5fd91096b
  • libnginx-mod-http-subs-filter_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:36761bba136e33ba75cca80c151055ca41881b6d
  • libnginx-mod-http-uploadprogress_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:eadc447108a3a8efb24555b5faaacca319beb5fc
  • libnginx-mod-http-upstream-fair_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:e85754c14f6282d96af442eaf605e92e072fd9f8
  • libnginx-mod-http-xslt-filter_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:579e0334292ddaf6ef0c9549cd37fc0ee52c48eb
  • libnginx-mod-mail_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:d29226aab16183d9c66162bbb8bcab109a9624c2
  • libnginx-mod-nchan_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:44f0e62699395e1838f195eeea8a504e3d348e1f
  • libnginx-mod-rtmp_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:d1f1497fd55ab1c4ac56871ac1655c13848c0570
  • libnginx-mod-stream_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:8849d43b962c5a57647414ee4d4ede48228f68af
  • nginx_1.14.2-2+deb10u5+tuxcare.els3_all.deb
    sha:78a5e0a8b0cd3b8a25e705baae8341bc8950cbd0
  • nginx-common_1.14.2-2+deb10u5+tuxcare.els3_all.deb
    sha:725ba3cc6fec727b6a1673ee80aef51af91492ac
  • nginx-doc_1.14.2-2+deb10u5+tuxcare.els3_all.deb
    sha:4b0412cd530d4c98ebe58d5fa3bba504c3a0ab67
  • nginx-extras_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:b466475da090f639ff18125990bc899e8cad018e
  • nginx-full_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:d5777db69561193d32aa1049b8f7cde8a13e921d
  • nginx-light_1.14.2-2+deb10u5+tuxcare.els3_amd64.deb
    sha:4ad2b8f879c3994293e8caceab5876391ad8b8da
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.