[CLSA-2026:1776766448] nginx: Fix of CVE-2026-27654
Type:
security
Severity:
Important
Release date:
2026-04-21 10:14:13 UTC
Description:
- CVE-2026-27654: fix heap-based buffer overflow in ngx_http_dav_module triggered by destination URI shorter than alias length in COPY/MOVE requests
Updated packages:
  • nginx-1.20.1-14.el9_2.1.alma.1.tuxcare.els5.x86_64.rpm
    sha:a4399f24b6006caa6440791c40dbba38b9e8e4e99140d0cf384acff636a21b16
  • nginx-all-modules-1.20.1-14.el9_2.1.alma.1.tuxcare.els5.noarch.rpm
    sha:54e04ad900179cc315eceba23f2305d265b57282249198faeefaef2349d909c7
  • nginx-core-1.20.1-14.el9_2.1.alma.1.tuxcare.els5.x86_64.rpm
    sha:2e1d834efc00ba2aeb6eec668cdadc3d133d50911c7f77f193f0785a017c0e8b
  • nginx-filesystem-1.20.1-14.el9_2.1.alma.1.tuxcare.els5.noarch.rpm
    sha:e855622c65a8d0c23a3a85f82078beabe2bbaf37c166a04a134d64fb9e24510c
  • nginx-mod-devel-1.20.1-14.el9_2.1.alma.1.tuxcare.els5.x86_64.rpm
    sha:36ab44f6ba925fb729355a24f75cbb0ddb0d113da4cc3be265f6240da0c241dd
  • nginx-mod-http-image-filter-1.20.1-14.el9_2.1.alma.1.tuxcare.els5.x86_64.rpm
    sha:ebffe18361e13d32cdd975e6c7143b7ad576310a2fd50913c91b91b3a460df78
  • nginx-mod-http-perl-1.20.1-14.el9_2.1.alma.1.tuxcare.els5.x86_64.rpm
    sha:47f819de5fbf00a65badb773f2f5ee00ea144a885f80ffc9b31844976856b00a
  • nginx-mod-http-xslt-filter-1.20.1-14.el9_2.1.alma.1.tuxcare.els5.x86_64.rpm
    sha:8ce659d05d73cd952e2a51f043b2d4da50d3cfa282cf7806d1a5ebda93c8c0c4
  • nginx-mod-mail-1.20.1-14.el9_2.1.alma.1.tuxcare.els5.x86_64.rpm
    sha:5aa0f211868d19b1836e47bd2635d699cf70061c3ef5b88e93a6b78554d8a863
  • nginx-mod-stream-1.20.1-14.el9_2.1.alma.1.tuxcare.els5.x86_64.rpm
    sha:863b8ac34efd307459de12fe6e472fb40eb4b6e92f63fe66a8bb6f8c926a309c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.