[CLSA-2026:1781511735] nginx: Fix of CVE-2026-49975
Type:
security
Severity:
Important
Release date:
2026-06-15 08:23:32 UTC
Description:
- CVE-2026-49975: add max_headers directive (default 1000) to cap HTTP/2 request-header memory exhaustion (HTTP/2 Bomb)
CVEs fixed:
Updated packages:
  • nginx-1.20.1-22.el9_6.3.alma.2.tuxcare.els6.x86_64.rpm
    sha:68428ae9f054eb1d46894428f34c703aa583f7f32a3e54b5536b8cace2d55d40
  • nginx-all-modules-1.20.1-22.el9_6.3.alma.2.tuxcare.els6.noarch.rpm
    sha:91bbb5e1cc7f4a5f8a2f4d1bff49e1ac2ff54f5b60e96ca470f22e9560740bd2
  • nginx-core-1.20.1-22.el9_6.3.alma.2.tuxcare.els6.x86_64.rpm
    sha:4eff4355995d625a6ba049054f820ac67254e783d96f89d45daa071420f4c5d0
  • nginx-filesystem-1.20.1-22.el9_6.3.alma.2.tuxcare.els6.noarch.rpm
    sha:e9d7b446a29167e90e4f970c49756292fd8724198f6fb4fb251e8727c7cc413c
  • nginx-mod-devel-1.20.1-22.el9_6.3.alma.2.tuxcare.els6.x86_64.rpm
    sha:9959a8ca423e266a41e8fcb8c44de163e2b5d0d1a59294b796b97c5fbf22f9cc
  • nginx-mod-http-image-filter-1.20.1-22.el9_6.3.alma.2.tuxcare.els6.x86_64.rpm
    sha:44a963db4141a11628254c26a06ef3e759fccd4553d4b1e14d62e9c6a2ce2bc2
  • nginx-mod-http-perl-1.20.1-22.el9_6.3.alma.2.tuxcare.els6.x86_64.rpm
    sha:5803effd0b68179a18f77352eae75904bd44cf2c3b2c08c034dbaaf3e603220c
  • nginx-mod-http-xslt-filter-1.20.1-22.el9_6.3.alma.2.tuxcare.els6.x86_64.rpm
    sha:80ff5f5a8b2439c86f03c5c833891a1d2e531c628df48ac520dbf539703591b5
  • nginx-mod-mail-1.20.1-22.el9_6.3.alma.2.tuxcare.els6.x86_64.rpm
    sha:32b0186e6a5f12005a6ae2d42acc822940749f02bad5c8a7c1ea3c8f4cc4f57b
  • nginx-mod-stream-1.20.1-22.el9_6.3.alma.2.tuxcare.els6.x86_64.rpm
    sha:547b509f5997ac248b309c6fa5ced600bfdd06b50bc579293e61bc87ec2a7f5e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.