[CLSA-2026:1779712300] Fix CVE(s): CVE-2026-9256
Type:
security
Severity:
Low
Release date:
2026-05-25 12:31:45 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in ngx_http_rewrite_module with overlapping captures - debian/patches/CVE-2026-9256.patch: fix heap buffer overflow in ngx_http_script_regex_start_code() when a rewrite replacement string with no variables has overlapping captures, by moving the per-capture length accumulation and ngx_escape_uri() call inside a single loop over the actual captures buffer. - CVE-2026-9256
Updated packages:
  • libnginx-mod-http-auth-pam_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:723720b5174625608d201c507f6fc54ad53fceb7
  • libnginx-mod-http-cache-purge_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:bd6f2ff36621a0150c6fd3b0e28249260d9346e9
  • libnginx-mod-http-dav-ext_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:9182cd0b039f8eaa610ef46997a5c6ad93ac6c44
  • libnginx-mod-http-echo_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:05fa6577c3918859708b370e43c92b355f81a09d
  • libnginx-mod-http-fancyindex_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:51aab2da9c7ecc1e37eccf624566838bba6dd99b
  • libnginx-mod-http-geoip_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:fbd5444fe91e60ffe36f9da8987842ea661bd77d
  • libnginx-mod-http-geoip2_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:a8c3339988353ddfafbf0b0585fb2e1676ee3b03
  • libnginx-mod-http-headers-more-filter_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:5a4244622cd039085c1b5eb02bb06e44ac645d4b
  • libnginx-mod-http-image-filter_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:f9dfae1000438e1f193368ac6a89da45bc688b5f
  • libnginx-mod-http-lua_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:6014263c43aeb10df0bd2dfc077c16a68cb171fe
  • libnginx-mod-http-ndk_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:6a8782c1aae0cbd79fac7c177d602216b75096c1
  • libnginx-mod-http-perl_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:a36a6d61a9f01ef6e439396b91af49994c2ba7a9
  • libnginx-mod-http-subs-filter_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:2d382b9d457c62f34b943a0a0226c0dab29d3969
  • libnginx-mod-http-uploadprogress_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:eda810f35b790457b2f1081fa86d5d3dabb5a0a5
  • libnginx-mod-http-upstream-fair_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:4fd3b302dc5866541027380790a00e0bcb459091
  • libnginx-mod-http-xslt-filter_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:e7e1c05ad51d0be1bec390acf5d04463eba4dffe
  • libnginx-mod-mail_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:e8e1289d7420f34bdee3a54f1ff48098634e9eda
  • libnginx-mod-nchan_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:9afee2f90154601304d36fbe3ba812dbc8b6fac9
  • libnginx-mod-rtmp_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:ff902bb0a928ee9739f42f3acef052e89494db73
  • libnginx-mod-stream_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:a629d65992717fa61c8bae6ab290dcc5e59e283a
  • nginx_1.18.0-0ubuntu1.7+tuxcare.els3_all.deb
    sha:832e714cf403d11be5e1924bc6e9ca60f8b52ecb
  • nginx-common_1.18.0-0ubuntu1.7+tuxcare.els3_all.deb
    sha:f80bea98f1d489c7691188b96a60b595be1fddf0
  • nginx-core_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:b8d71db991a782ba142a02831e847b87318fb5d0
  • nginx-doc_1.18.0-0ubuntu1.7+tuxcare.els3_all.deb
    sha:108b7f38ec861c07fbcf1d077101e9d035340cb6
  • nginx-extras_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:aeed018ff028a33db52777498683c9a671428974
  • nginx-full_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:561e454386dc514d13393a59c55fd99bf2d7f82a
  • nginx-light_1.18.0-0ubuntu1.7+tuxcare.els3_amd64.deb
    sha:d3bdedb464b93ca06d55430746656fd20bcac17b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.