[CLSA-2026:1782317575] nginx: Fix of CVE-2026-49975
Type:
security
Severity:
Important
Release date:
2026-06-24 16:13:16 UTC
Description:
- CVE-2026-49975: add max_headers directive (default 1000) to cap HTTP/2 request-header memory exhaustion (HTTP/2 Bomb)
CVEs fixed:
Updated packages:
  • nginx-1.14.1-9.module_el8.5.0+2427+fef2dc31.tuxcare.els9.x86_64.rpm
    sha:fd633fc20a09f6e515041b26211c1e06cb03352f68376a0fb08ce7a6d0cd6d04
  • nginx-all-modules-1.14.1-9.module_el8.5.0+2427+fef2dc31.tuxcare.els9.noarch.rpm
    sha:6d022c1922947da369643d1388b82976c704de0c2d6cbb43b39d801a0e5e05c7
  • nginx-filesystem-1.14.1-9.module_el8.5.0+2427+fef2dc31.tuxcare.els9.noarch.rpm
    sha:adb143afc6a562d1044fd3ad3d9a2b25666768a4fbb054689170801892da381a
  • nginx-mod-http-image-filter-1.14.1-9.module_el8.5.0+2427+fef2dc31.tuxcare.els9.x86_64.rpm
    sha:21b8909486f15717ed696171b6ba22f67d9bcc4e6bc2d7b13e267f08c3bc1ee3
  • nginx-mod-http-perl-1.14.1-9.module_el8.5.0+2427+fef2dc31.tuxcare.els9.x86_64.rpm
    sha:fc96d7a49e33ca5e19a4fd983586f320742aedc0381ae3b0325cd69193fd7062
  • nginx-mod-http-xslt-filter-1.14.1-9.module_el8.5.0+2427+fef2dc31.tuxcare.els9.x86_64.rpm
    sha:d0612af802e9bd83b825306b83951380a02b23747af003fa4170a78b75198934
  • nginx-mod-mail-1.14.1-9.module_el8.5.0+2427+fef2dc31.tuxcare.els9.x86_64.rpm
    sha:52d3fbc7de9473e1c2be948b6a2d89895cdd618551d27b2c72c6a7c8a4160b1d
  • nginx-mod-stream-1.14.1-9.module_el8.5.0+2427+fef2dc31.tuxcare.els9.x86_64.rpm
    sha:1e6ca0cd3574edec19c05a47c1a57c02421708213e3bd6151c56fadeaf1a9b44
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.