Release date:
2026-06-10 11:58:56 UTC
Description:
* SECURITY UPDATE: excessive memory allocation and out-of-bounds read in
  ngx_http_scgi_module and ngx_http_uwsgi_module status line parsing
  - debian/patches/CVE-2026-42946.patch: save u->buffer.pos into
    r->header_name_start before parsing the status line and restore it on
    the NGX_ERROR fallback in ngx_http_scgi_process_status_line() and
    ngx_http_uwsgi_process_status_line(), then reset r->state to 0 so an
    unrecognised upstream status line no longer leaves the parser in a
    stale state that can over-read worker process memory or crash the
    worker; the same backtracking is also applied to ngx_http_proxy_module
  - CVE-2026-42946
Updated packages:
- libnginx-mod-http-auth-pam_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:681a543f1e35d7339d271156ca75beafa16f0637
- libnginx-mod-http-cache-purge_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:c0243b077428733608d72824e17b76cd736a4e49
- libnginx-mod-http-dav-ext_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:f9505014b06ab65a4318cfb9b72d14e6f5c59439
- libnginx-mod-http-echo_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:e7c246cf8902c844f746a1bffa0f8dc5fed5ef5d
- libnginx-mod-http-fancyindex_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:0416ea20dbd1a9ef2127e520a376919d9063b6ae
- libnginx-mod-http-geoip_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:bd06a579a294b147f37bc920fc7450db33e9921f
- libnginx-mod-http-geoip2_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:3ec6cd776b5ed05c1f439b6b7b1ae9c6a4d3eee8
- libnginx-mod-http-headers-more-filter_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:7351f2409a293368cecb404829d995774df8e766
- libnginx-mod-http-image-filter_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:836b746dd252ba7f911d1facac1783cfa7d06e1b
- libnginx-mod-http-lua_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:4a79abf97968f117bb9dccb7e68c303eae36563f
- libnginx-mod-http-ndk_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:9c16d3b991375bbc9eb714c677bdc81548ca1099
- libnginx-mod-http-perl_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:f882641b676d05332b41fb4a7827242c1c3685f4
- libnginx-mod-http-subs-filter_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:81faaa5e3f2daadd59fe37fc39bd2ceadcf2a17a
- libnginx-mod-http-uploadprogress_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:0d157226cd6393fa8c5d7628acb4346ec97852a6
- libnginx-mod-http-upstream-fair_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:c7c98711c6c82cadc968d925974675d536d41038
- libnginx-mod-http-xslt-filter_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:d8e53fbe2c794e7a89833d8f83b129fff599c78e
- libnginx-mod-mail_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:e9f9851590bf0177e633ce7819e41bc1f80a55ce
- libnginx-mod-nchan_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:1b1492be795962ba1a3e35fc2149a80fe1486544
- libnginx-mod-rtmp_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:796d285b1b2a49afd41451b1399ce889c92a48f8
- libnginx-mod-stream_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:7067eb5b723cde3c0843fb28e4f5ba623bbf266b
- nginx_1.18.0-0ubuntu1.7+tuxcare.els6_all.deb
sha:922a7cecbe7670994256cea8169ef4016cccacb9
- nginx-common_1.18.0-0ubuntu1.7+tuxcare.els6_all.deb
sha:1562bdbb6e13ab66a7c463cef74a33b4c81ab375
- nginx-core_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:f6861a81ca5e9c262afb77f6de0d578765257c7c
- nginx-doc_1.18.0-0ubuntu1.7+tuxcare.els6_all.deb
sha:2378a32151861b5b1d529aa82f1a14a52b152d9f
- nginx-extras_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:cf461a4df6e3d9522f89c78f7945eea1321994d9
- nginx-full_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:23fa9fe0d54238b0eeb0239247e9ed35178028f5
- nginx-light_1.18.0-0ubuntu1.7+tuxcare.els6_amd64.deb
sha:8ca841eb24ee7e276aa052fba8389e9a04005146
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections, please contact the CloudLinux Packaging Team.