[CLSA-2026:1783632803] nginx: Fix of CVE-2026-49975
Type:
security
Severity:
Important
Release date:
2026-07-09 21:33:39 UTC
Description:
- CVE-2026-49975: add max_headers directive (default 1000) to cap HTTP/2 request-header memory exhaustion (HTTP/2 Bomb)
CVEs fixed:
Updated packages:
  • nginx-1.10.3-4.el6.tuxcare.els10.x86_64.rpm
    sha:b7ebca4a2357eeb3aa57eab392db1b2aba158c4e7c8511a4e2b8e214bb097e57
  • nginx-all-modules-1.10.3-4.el6.tuxcare.els10.noarch.rpm
    sha:fdeff2b9d1f08b2d90832328f3d7d4c0314b4466aa4020e395709917fbf6cc36
  • nginx-filesystem-1.10.3-4.el6.tuxcare.els10.noarch.rpm
    sha:ac56fe8f5f8b13dd7a11105f08efa0f70e2251366e9943bd478f53869f2f49b6
  • nginx-mod-http-geoip-1.10.3-4.el6.tuxcare.els10.x86_64.rpm
    sha:aff9f2197525383a825e431ccb77f380a934e759a40f3c3d571f506fea13db7e
  • nginx-mod-http-image-filter-1.10.3-4.el6.tuxcare.els10.x86_64.rpm
    sha:7887c80bdddacf4301b4913be945dbd9c8526f20a6607c008682a826f7d75556
  • nginx-mod-http-perl-1.10.3-4.el6.tuxcare.els10.x86_64.rpm
    sha:701dd2b1853ecbf580ecefcfaceaa2325379d1556adcc0a9deb773047d7d3da6
  • nginx-mod-http-xslt-filter-1.10.3-4.el6.tuxcare.els10.x86_64.rpm
    sha:882572da5db7e005cd85f55114d145f5ada56eff3c02a8e78ef6a6f2021a3cae
  • nginx-mod-mail-1.10.3-4.el6.tuxcare.els10.x86_64.rpm
    sha:2b003a6cf6a52ce5d860891c667ed4f54b6c1719594f3f25d602c5f732dfeca9
  • nginx-mod-stream-1.10.3-4.el6.tuxcare.els10.x86_64.rpm
    sha:fd1f77f81d084daf701f4265a3f3f9a71fe27962ebbc5058ea47a9cda49a8d13
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.