[CLSA-2026:1778869454] Fix CVE(s): CVE-2026-42945
Type:
security
Severity:
Important
Release date:
2026-05-15 18:24:19 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in ngx_http_rewrite_module via PCRE unnamed captures with question mark in replacement strings - debian/patches/CVE-2026-42945.patch: clear e->is_args in ngx_http_script_regex_end_code to prevent buffer overrun when rewrite directive is followed by set or if with PCRE captures - CVE-2026-42945
Updated packages:
  • libnginx-mod-http-auth-pam_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:8ab8029281e1a14b560a74641fe0519f3fdb600b
  • libnginx-mod-http-cache-purge_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:14b40450d8eef77cad3417e06bd6e1fe9fe6a252
  • libnginx-mod-http-dav-ext_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:3a005db180a59da0fe44b976bf3be00bb4cac40d
  • libnginx-mod-http-echo_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:09da7e6601227cba90b7a19ebc8b5bf014cf7841
  • libnginx-mod-http-fancyindex_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:bbabc97dd17f458616885de443e3c9a92eec07be
  • libnginx-mod-http-geoip_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:faa860136951e3f62b79764c77a8c9490175a4bb
  • libnginx-mod-http-headers-more-filter_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:19335db88900b439c45319c2b4b45a771ff00d4a
  • libnginx-mod-http-image-filter_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:a28eae7aaef117ebfb2871271d32b17ab496c6f3
  • libnginx-mod-http-lua_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:1159c25dec7e25a098e2cab3ff8fe1e085b52278
  • libnginx-mod-http-ndk_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:1ebaead18f43dbe0d642d2af782f7b13880d85a0
  • libnginx-mod-http-perl_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:eedbe33174e681ac807ed73c861a89b9d4bc2161
  • libnginx-mod-http-subs-filter_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:561a6c42004fee0344e6ea8bb6c6ef6207c1f903
  • libnginx-mod-http-uploadprogress_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:3af0d7d824475913437eaff3ae318fa60fe3cdd3
  • libnginx-mod-http-upstream-fair_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:dc4f74ef6670c9c5d63c731a2e63960e7c36d429
  • libnginx-mod-http-xslt-filter_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:c22948650f186b914669e8fd4d8c6a3da63ef902
  • libnginx-mod-mail_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:a32a0b8dbee43319013fb75caacd5644adfeb1ce
  • libnginx-mod-nchan_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:91eac31b40e73c94665f6efa18275aef0ba8bf9b
  • libnginx-mod-rtmp_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:9a77e2113cb8fcd7a5c0d555cc6c27945cb24710
  • libnginx-mod-stream_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:be9defaef87b06c041c8f111326b0615e76c6d9b
  • nginx_1.14.2-2+deb10u5+tuxcare.els2_all.deb
    sha:c19342b33f359c8396c3ca2d1c8564c7db0433b6
  • nginx-common_1.14.2-2+deb10u5+tuxcare.els2_all.deb
    sha:eeb6e7c65416d84a544ccdb56b139395a8e97e84
  • nginx-doc_1.14.2-2+deb10u5+tuxcare.els2_all.deb
    sha:239af36148d6b04fc9314814591afdbb04fe9e1a
  • nginx-extras_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:a098faf263568857b1541215d5a170a2be7d9616
  • nginx-full_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:fbd199c317b494945d3a6d06083a589691864645
  • nginx-light_1.14.2-2+deb10u5+tuxcare.els2_amd64.deb
    sha:b97038dc083428d94ea685b8edf7e4dd0774e43d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.