[CLSA-2026:1783791892] nginx: Fix of CVE-2026-49975
Type:
security
Severity:
Important
Release date:
2026-07-11 17:45:06 UTC
Description:
- CVE-2026-49975: add max_headers directive (default 1000) to cap HTTP/2 request-header memory exhaustion (HTTP/2 Bomb)
CVEs fixed:
Updated packages:
  • nginx-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:5aa096753e94eb39d93f6c79bc386f9b89aaef16857197f58736bbcfc6921d5f
  • nginx-all-modules-1.20.1-10.el7.tuxcare.els5.noarch.rpm
    sha:4ee9467772a7e6454f3f877a0478e213ec680c05befa29d0b43d20a78961df8c
  • nginx-filesystem-1.20.1-10.el7.tuxcare.els5.noarch.rpm
    sha:bcd4890b3e8ff96fd8fcd71383ca203a70f31a5bf9f0b671b5ec7b246222fd92
  • nginx-mod-devel-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:2e68bec995c08fe7c08412fec6d1ebcc991e29df64046857490ea210adf2b1c5
  • nginx-mod-http-image-filter-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:151e92148b79567174b6a1503dc2cfc56b6eb10c91b091f0451c945b738fd0ac
  • nginx-mod-http-perl-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:8eb1e19e7c7cace812141250f8324f5fb50cce71199a56aa84e1b4e4708ad1fb
  • nginx-mod-http-xslt-filter-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:c2edf57fb98e914e45d4bdbe0eef2979ce54ea1fbbfa28d731fec12d8ced45af
  • nginx-mod-mail-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:96f768582d017a715f2fa7c4c9d39c68e6c89bb23e8d2ecf2d720bc69cef59ac
  • nginx-mod-stream-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:35dfb469219f0cab3fc5646a6c4ad9ff42284dad514283de9c512628d92a9731
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.