[CLSA-2026:1783792262] nginx: Fix of CVE-2026-49975
Type:
security
Severity:
Important
Release date:
2026-07-11 17:51:16 UTC
Description:
- CVE-2026-49975: add max_headers directive (default 1000) to cap HTTP/2 request-header memory exhaustion (HTTP/2 Bomb)
CVEs fixed:
Updated packages:
  • nginx-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:f4b594ad742816a61f666ce7d74657d096c8e4b5c0a759c450ecdaa55285dbb1
  • nginx-all-modules-1.20.1-10.el7.tuxcare.els5.noarch.rpm
    sha:afa29f097dcfffa71fe5e8221a5ea08be0b46cb6eb4807fb2fbd78e08de63adc
  • nginx-filesystem-1.20.1-10.el7.tuxcare.els5.noarch.rpm
    sha:48e32d4786f7e2fe62faae6a4b1b70e3784b74ade344ab5c52def5222521ce74
  • nginx-mod-devel-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:9a58de924369fb7a22cdb802aae85d67e0f743361932e36d18910f446a435b18
  • nginx-mod-http-image-filter-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:0c641aea3af20a8c4004029f3dd3f9fd1c9789491d2df61bf38b3bac2967616d
  • nginx-mod-http-perl-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:c130d30e74a927022d6165fd1aa8e361bd9a75ebd01b7d92a6fc421ba2eec7aa
  • nginx-mod-http-xslt-filter-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:6ff40f58cce216bf76d51fe82b849bec344208ae7a2527c9146f5e78c7674b3a
  • nginx-mod-mail-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:be7003808d7296ee2315f0a9dd78f4938fc511923815b5b47a736785090de9f6
  • nginx-mod-stream-1.20.1-10.el7.tuxcare.els5.x86_64.rpm
    sha:75e080758b10bd4b026caa2af24ce62c6a8c2e4d69699e170b5f69e53fca2612
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.