[CLSA-2026:1779282813] Fix CVE(s): CVE-2026-42945
Type:
security
Severity:
Important
Release date:
2026-05-20 13:13:49 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in ngx_http_rewrite_module when an unnamed PCRE capture group with '?' in the replacement is followed by another rewrite, if, or set directive - debian/patches/CVE-2026-42945.patch: clear is_args flag at the start of ngx_http_script_regex_end_code() in src/http/ngx_http_script.c so it does not leak into subsequent script code on the same engine. - CVE-2026-42945
Updated packages:
  • libnginx-mod-http-auth-pam_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:226afce2c1e10a8eea65c9b492b94bc6600e3e6c
  • libnginx-mod-http-cache-purge_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:aba0dde1920848bc9fcf5e71627ca7723cf0d975
  • libnginx-mod-http-dav-ext_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:c43ea9889200b8e02919a4ea42f43fa9e43b89a2
  • libnginx-mod-http-echo_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:ba59c69ea75e4622556db9143ce92a7cd105b7a0
  • libnginx-mod-http-fancyindex_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:e29dc3c1bbf54620a6340fe6fbc8b80c8537e7e0
  • libnginx-mod-http-geoip_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:5fb3416741425c9317f64b9e786c039516027c81
  • libnginx-mod-http-geoip2_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:6cd6af55f6935df0fda5fa02555e9c264dbb76af
  • libnginx-mod-http-headers-more-filter_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:db0e614904d9beb1454b269db8311fdfaeda9057
  • libnginx-mod-http-image-filter_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:de067b4b51f6602df10eef90af865628c2245ba3
  • libnginx-mod-http-lua_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:cb00610285218725e0150628cf77e62b90a88094
  • libnginx-mod-http-ndk_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:8316cc16f8ba760695ff50ea084242f5dd2f94e6
  • libnginx-mod-http-perl_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:d51c8cc9172f1ed056a40fe88f8689391e154c4d
  • libnginx-mod-http-subs-filter_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:a32753e66f5b97a36ec7f2fe6b4e68628928fe39
  • libnginx-mod-http-uploadprogress_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:2b72b4e8b37c91296d49e2be165e6f608aae6b7d
  • libnginx-mod-http-upstream-fair_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:a29c29218bd1bcfaa76436cd1dff84c6b1f161ef
  • libnginx-mod-http-xslt-filter_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:77f834c1b002a4e206c321d95d9a642a863ee881
  • libnginx-mod-mail_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:5185e27bb094c9c067199a8669c65517e28fd9d4
  • libnginx-mod-nchan_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:a8be1aa26230b6dcc025a5efefbd9e4eaff16221
  • libnginx-mod-rtmp_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:2e5d0b4f4822df871f355cbe9285e68d87677462
  • libnginx-mod-stream_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:f90bf1b31f4cb22b8a74c99753771e0910026b98
  • nginx_1.18.0-0ubuntu1.7+tuxcare.els2_all.deb
    sha:dddda95f594f709b5b93e065e8508e57fe9903c8
  • nginx-common_1.18.0-0ubuntu1.7+tuxcare.els2_all.deb
    sha:c9813f643d5b5ae8450bc26fe84456a17dfd6639
  • nginx-core_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:5d17d58a8d3a0609eed10a5ec56e3b6a5b630b2a
  • nginx-doc_1.18.0-0ubuntu1.7+tuxcare.els2_all.deb
    sha:b5e733d88baeab26960ba04bf17ba5a5c40de9a4
  • nginx-extras_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:91edbedab28c824cfe3e8ed8c23b8f2dd097d7de
  • nginx-full_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:62b5f69cf7563c26c2fae26c6e768eda7dcb6c9d
  • nginx-light_1.18.0-0ubuntu1.7+tuxcare.els2_amd64.deb
    sha:aa34288ad11acfe1cfb3fd48e05e0619dea6af0a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.