Severity:
('Important', ['ELSCVE-95151', 'ELSCVE-95097', 'ELSCVE-94969'])
Release date:
2026-04-17 17:18:52 UTC
Description:
- CVE-2026-27651: fix null pointer dereference in ngx_mail_auth_http_module when
clearing password in auth http requests with CRAM-MD5/APOP
- CVE-2026-27654: fix heap buffer overflow in DAV module when COPY/MOVE
destination URI is shorter than alias
- CVE-2026-32647: fix buffer over-read/over-write in mp4 module when
processing empty stco and co64 atoms
Updated packages:
-
nginx-1.20.1-22.el9_6.3.alma.2.tuxcare.els2.x86_64.rpm
sha:4f7836a23468e81cec4958ed8aa9d3114da7632380126fc1f84f6d642a4970c1
-
nginx-all-modules-1.20.1-22.el9_6.3.alma.2.tuxcare.els2.noarch.rpm
sha:714b122b30bdfda0557fca4e6ed1c74ad386e751062dd886420d56bebee17745
-
nginx-core-1.20.1-22.el9_6.3.alma.2.tuxcare.els2.x86_64.rpm
sha:36eed4faefea325380897594e3f6716c154da989d3dc4cdb2ef113ef710c5987
-
nginx-filesystem-1.20.1-22.el9_6.3.alma.2.tuxcare.els2.noarch.rpm
sha:2e65dbdf9b7516fccf17c47e783dc06a1a4924cdadd48e023a02aa72c898172c
-
nginx-mod-devel-1.20.1-22.el9_6.3.alma.2.tuxcare.els2.x86_64.rpm
sha:558fe8d26e8161718c8aff4e6d747f7b5f23aa54f4bb98f685fc14601c35554f
-
nginx-mod-http-image-filter-1.20.1-22.el9_6.3.alma.2.tuxcare.els2.x86_64.rpm
sha:5a04d1f809b7082bd9ef6e075a1ed8492acb9ed589ae28d11eb619d1c819c5bc
-
nginx-mod-http-perl-1.20.1-22.el9_6.3.alma.2.tuxcare.els2.x86_64.rpm
sha:3ca4fd5917abf586ebb9f564f9cb281ccbd57ccae2a9a1116a5a6fd9be30acc7
-
nginx-mod-http-xslt-filter-1.20.1-22.el9_6.3.alma.2.tuxcare.els2.x86_64.rpm
sha:4b586ecb5e452dd61c31b6aba3a1ff469c25e93b9950de8bc414d408f79512c4
-
nginx-mod-mail-1.20.1-22.el9_6.3.alma.2.tuxcare.els2.x86_64.rpm
sha:a7f8a821bf1120cce8692480d70b0b4fb3253e2c28f990d9a47597f69b25dbbe
-
nginx-mod-stream-1.20.1-22.el9_6.3.alma.2.tuxcare.els2.x86_64.rpm
sha:2f6aa44dcfbd90b5dbf3b65e48ceee2d516c46ea338bf7ee761401346a730489
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
