[CLSA-2026:1782317138] nginx: Fix of CVE-2026-49975
Type:
security
Severity:
Important
Release date:
2026-06-24 16:05:54 UTC
Description:
- CVE-2026-49975: add max_headers directive (default 1000) to cap HTTP/2 request-header memory exhaustion (HTTP/2 Bomb)
CVEs fixed:
Updated packages:
  • nginx-1.14.1-9.module_el8.4.0+2426+f8b5767a.tuxcare.els9.x86_64.rpm
    sha:03e68586ee01e641b3daa01d79b6a906a800a8e961be391d6ca80447462f248d
  • nginx-all-modules-1.14.1-9.module_el8.4.0+2426+f8b5767a.tuxcare.els9.noarch.rpm
    sha:161c5c62164202ba894a0b75b1915693223bf20632427c5091c67743f26f846a
  • nginx-filesystem-1.14.1-9.module_el8.4.0+2426+f8b5767a.tuxcare.els9.noarch.rpm
    sha:bf53efb83270df9550295cc25cca84da724a3583e0e8b49494c4ef2307c5a424
  • nginx-mod-http-image-filter-1.14.1-9.module_el8.4.0+2426+f8b5767a.tuxcare.els9.x86_64.rpm
    sha:6368a36e986fd5a3ea6e7216380838121f77369baa0ad51acd300049c90d1e76
  • nginx-mod-http-perl-1.14.1-9.module_el8.4.0+2426+f8b5767a.tuxcare.els9.x86_64.rpm
    sha:5edee9eba671c2910d7679c8c3be0893bd116fef112da091f45dea5d676d0793
  • nginx-mod-http-xslt-filter-1.14.1-9.module_el8.4.0+2426+f8b5767a.tuxcare.els9.x86_64.rpm
    sha:48863f9a8c62418dd1ee1e400e8207d1c91c2e7be10788792f6dddf35c50186d
  • nginx-mod-mail-1.14.1-9.module_el8.4.0+2426+f8b5767a.tuxcare.els9.x86_64.rpm
    sha:8589ba5f67a5ed90e86e9397f4aea214f25184c4c68dfd1f7b7469e418742c6f
  • nginx-mod-stream-1.14.1-9.module_el8.4.0+2426+f8b5767a.tuxcare.els9.x86_64.rpm
    sha:b17ba2cd3166ea243e715ca93026a99569a3940428755efe2b5f93c8dc8d4bd5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.