[CLSA-2026:1783696553] nginx: Fix of CVE-2026-42055
Type:
security
Severity:
Low
Release date:
2026-07-10 15:16:09 UTC
Description:
- fix CVE-2026-42055: HPACK field-length validation in HTTP/2 gRPC request builder and HTTP/2 response header filter; fields exceeding NGX_HTTP_V2_MAX_FIELD now return NGX_ERROR instead of overflowing the 4-byte HPACK length prefix
CVEs fixed:
Updated packages:
  • nginx-1.20.1-14.el9_2.1.alma.1.tuxcare.els10.x86_64.rpm
    sha:46a13629d1d5c10ec5accd6fc62cfb103ebba5b140174556471ee49e2f0669ca
  • nginx-all-modules-1.20.1-14.el9_2.1.alma.1.tuxcare.els10.noarch.rpm
    sha:851503a458f1ae30c59ef06c794033c1ff6f38f97a3969ede8d701585f31d02e
  • nginx-core-1.20.1-14.el9_2.1.alma.1.tuxcare.els10.x86_64.rpm
    sha:51fd863d7100c60107b3a6a8add29f05004240da800d6e9bdd1200c988f254be
  • nginx-filesystem-1.20.1-14.el9_2.1.alma.1.tuxcare.els10.noarch.rpm
    sha:ab25e80d33c329e27fa89e4b4bb54eecdde6ace1271eb7d4a14acac946c88248
  • nginx-mod-devel-1.20.1-14.el9_2.1.alma.1.tuxcare.els10.x86_64.rpm
    sha:ee72985c777fddc72f3a5110ccf3aa0a0d4bd0479ae1d59f0c6196cac55aa687
  • nginx-mod-http-image-filter-1.20.1-14.el9_2.1.alma.1.tuxcare.els10.x86_64.rpm
    sha:ba56804da16c36f1f29f6b980cb829e7eead0d98afe4b2b4e4cc3cd1c3196e7b
  • nginx-mod-http-perl-1.20.1-14.el9_2.1.alma.1.tuxcare.els10.x86_64.rpm
    sha:1e6eb680b62b37357beb6b3c235785aac2ca0024780cfc74ccb218b830ef38d6
  • nginx-mod-http-xslt-filter-1.20.1-14.el9_2.1.alma.1.tuxcare.els10.x86_64.rpm
    sha:039ca883bd25ad9f4b91ab3df6a0d417e1a3ea24b0dac733d894d0439cb7088b
  • nginx-mod-mail-1.20.1-14.el9_2.1.alma.1.tuxcare.els10.x86_64.rpm
    sha:82b081694672b8c949c268e2b7010d024a31a04c26ba2dc745dabb45a30efc57
  • nginx-mod-stream-1.20.1-14.el9_2.1.alma.1.tuxcare.els10.x86_64.rpm
    sha:8347fd502e00dabcac9d2e4d40a72809f6a1fbe738c773cbe28cfad10e21c00c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.