Release date:
2026-05-25 12:33:51 UTC
Description:
- CVE-2026-9256: heap buffer overflow in ngx_http_script_regex_start_code()
when a rewrite replacement contains overlapping captures with the redirect
parameter or argument string; the per-capture length accumulation is
refactored to also account for escape-uri expansion per capture region,
preventing under-allocation of the rewrite output buffer
Updated packages:
-
nginx-1.20.1-14.el9_2.1.alma.1.tuxcare.els9.x86_64.rpm
sha:4f431cfe4998f286516bdbe28961f7b0c5b88288948b74a480e078541bf578b0
-
nginx-all-modules-1.20.1-14.el9_2.1.alma.1.tuxcare.els9.noarch.rpm
sha:4427cb9492bcf57e83e31d9b9d03413183a92809a7b22ccda8ce6d7dba021c80
-
nginx-core-1.20.1-14.el9_2.1.alma.1.tuxcare.els9.x86_64.rpm
sha:981f263b2e3f7e9d3cde7f3a03c591389c3bd3b69b16ce9cf4f5b13806304e97
-
nginx-filesystem-1.20.1-14.el9_2.1.alma.1.tuxcare.els9.noarch.rpm
sha:3af764bbe55f38fbf9deeacf6248db557281b147586d6a285444b02f8c836395
-
nginx-mod-devel-1.20.1-14.el9_2.1.alma.1.tuxcare.els9.x86_64.rpm
sha:6168849b7ee3bdf808bd2675fd1d191cf433786c116477356bc7126f70ce1dd1
-
nginx-mod-http-image-filter-1.20.1-14.el9_2.1.alma.1.tuxcare.els9.x86_64.rpm
sha:7b306cf43e416585c4c7cc43b65cdf2f608ec43f767def6d048b8dc349cc400d
-
nginx-mod-http-perl-1.20.1-14.el9_2.1.alma.1.tuxcare.els9.x86_64.rpm
sha:3f15384123cdaf9ee3e8b8ad612ad49883563308a753f263cf0784781579fb57
-
nginx-mod-http-xslt-filter-1.20.1-14.el9_2.1.alma.1.tuxcare.els9.x86_64.rpm
sha:a71bbb9c56f75bc5c0b10609ee86c581cbf30e4c5d77f5c03d57a6bcda6cbf1f
-
nginx-mod-mail-1.20.1-14.el9_2.1.alma.1.tuxcare.els9.x86_64.rpm
sha:fa5738ad2cb5b1597c37a09fb88ac119e63acef9ec9e5e2164f4eab68fbe1e5a
-
nginx-mod-stream-1.20.1-14.el9_2.1.alma.1.tuxcare.els9.x86_64.rpm
sha:18c5bb58d2bf471b25a01b043e8a212e1df0757e3bcec4db9d574a366698c80f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
