Security News

Cybersecurity news aggregator

🔄
INFO Updates Debian Security

DSA-6278-1 nginx - security update

nginxcve-2026-40701cve-2026-42934cve-2026-42945cve-2026-42946
  • What: Security update for Nginx
  • Impact: Addresses multiple vulnerabilities in Nginx
Read Full Article →

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6278-1] nginx security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6278-1] nginx security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Sat, 16 May 2026 17:30:01 +0000 Message-id: <[🔎] agipmU5PG0mEMwT5@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6278-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 16, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2026-40701 CVE-2026-42934 CVE-2026-42945 CVE-2026-42946 CVE-2026-40460 Multiple vulnerabilities were discoverd in Nginx, a high-performance web and reverse proxy server, which could result in bypass of authorisation rules or rate limits, denial of service or memory disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 1.22.1-9+deb12u7. For the stable distribution (trixie), these problems have been fixed in version 1.26.3-3+deb13u5. We recommend that you upgrade your nginx packages. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoIqVcACgkQEMKTtsN8 TjaTchAAkpDTaf9fVfzGXLtVhtWaIQ70X4R2IVEOPqN/1nt5pLD7OorM7A2a8Nj8 h7/27cl5wnW7WFxU1bDSr067xs4y6hopaioEdEggQ0xDGenkn4Vwm/zBsGSrPZTR sx0Yad88SawMYLYenMeLNBTm1oD/ROff0sb8dtX8T+b5eTnv5EuNLqXQzwZipIFz Bwh3vh/uModG8lueiURkVnMeLGUPep3iwyuMN7ULqoK5aaWBBJmYxes6I4iSp/jE Z25Lnd2fBVnKr3zW1v089vfhbEmzTvApFxnsGrEJozV9BRWFT1dBfAbIXOE2seLl mBbWT2JgUYGc7/juc5178VkfL1Xs5HVzdAEFowI7Oz95SY5vwl2Vqxk+Rtarf2Js ywo+JN+/8eztCPmVJy6Sk6Uyx+J6+Kf+DrVKRxtdk05WgOXp0OzIWNsMYTG3xOdt 9Vdvl/Tg6zMB/Ypa6N6RmOyrO/lDxKJavlaWP1+Bt+FEm3jgSyIGh9ymLbBL06Tu SijgaIjkpQUYkf0vKixgoe2tnhT47Ya1/mm6qm3wX3/k6ZwPsr35a7okZVUX6lFr JXFtwS3CPEnXuozAGaCqxEHXaBZzlWIpjBpXcqbHGkKi6jmzWBkB8VZn/XFjHdwn zDqLuehdaNaj1X4GBY/KqfoAJI3N3SyUvGgi04axzTQ0gJVaRFs= =48Fv -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6277-1] openjpeg2 security update Next by Date: [SECURITY] [DSA 6279-1] redis security update Previous by thread: [SECURITY] [DSA 6277-1] openjpeg2 security update Next by thread: [SECURITY] [DSA 6279-1] redis security update Index(es): Date Thread

Related Articles

HIGH Multiples vulnérabilités dans les produits F5 (15 mai 2026) CERT-FR (ANSSI) HIGH Multiples vulnérabilités dans les produits Microsoft (19 mai 2026) CERT-FR (ANSSI) CRITICAL 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE The Hacker News HIGH CVE-2026-42945 : NGINX Heap Buffer Overflow in rewrite module - Writeup and PoC Reddit r/netsec
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn