Вход на сайт

Просмотр новости

Найдите то, что Вас интересует

Ausführen beliebiger Kommandos in nginx (Red Hat)

Дата публикации: 08-07-2026 04:42:17



Основное содержимое страницы с новостью.

Sicherheit: Ausführen beliebiger Kommandos in nginx

Aktuelle Meldungen Distributionen

Name: Ausführen beliebiger Kommandos in nginx
ID: RHSA-2026:36364
Distribution: Red Hat
Plattformen: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)
Datum: Mi, 8. Juli 2026, 06:42
Referenzen: https://access.redhat.com/errata/RHSA-2026:36364
https://access.redhat.com/security/cve/CVE-2026-42055
https://bugzilla.redhat.com/show_bug.cgi?id=2489866
Applikationen: nginx

Originalnachricht

An update for nginx is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

nginx is a web and proxy server supporting HTTP and other protocols, with a
focus on high concurrency, performance, and low memory usage.

Security Fix(es):

* nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based
buffer overflow with crafted HTTP/2 headers (CVE-2026-42055)

Bug Fix(es) and Enhancement(s):

* "HTTP/2 bomb" nginx fix breaks module ABI causing crashes
[rhel-10.2.z] (JIRA:RHEL-191778)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-42055: Incorrect Calculation of Buffer Size (CWE-131)

Pro-Linux @Facebook

Схожие новости

#Наименование новостиТональностьИнформативностьДата публикации
1Ausführen beliebiger Kommandos in nginx (Red Hat)0508-07-2026
2Ausführen beliebiger Kommandos in compat-openssl10 (Red Hat)0508-07-2026
3Preisgabe von Informationen in Linux (Red Hat)0508-07-2026
4Ausführen von Code mit höheren Privilegien in cifs-utils (Fedora)0508-07-2026
5Ausführen von Code mit höheren Privilegien in cifs-utils (Fedora)0508-07-2026
6Denial of Service in aardvark-dns (Red Hat)0508-07-2026
7Denial of Service in freeipmi (Red Hat)-5708-07-2026
8Denial of Service in freeipmi (Red Hat)0508-07-2026
9Zwei Probleme in skopeo (Red Hat)0508-07-2026
100026-10-2018

Классификация: Пресс-релизы. Схожих патентов: 0. Схожих новостей: 10. Тональность: 0. Информативность: 5. Источник: www.pro-linux.de.