UbuntuUpdates.org

Package "libnginx-mod-mail"

Name: libnginx-mod-mail

Description:

Mail module for Nginx
Latest version: 1.18.0-6ubuntu14.15
Release: jammy (22.04)
Level: security
Repository: main
Head package: nginx
Homepage: https://nginx.net

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libnginx-mod-mail"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libnginx-mod-mail" in Jammy

Repository Area Version
base main 1.18.0-6ubuntu14
updates main 1.18.0-6ubuntu14.15

Changelog

Version: 1.18.0-6ubuntu14.15 2026-06-15 16:07:27 UTC

  nginx (1.18.0-6ubuntu14.15) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Bomb denial of service
    - debian/patches/CVE-2026-49975.patch: updated to patch from Debian's
      1.26.3-3+deb13u6 package which was modified to not break ABI by
      storing the information in a new ngx_http_header_count_module module.
      Thanks to Miao Wang and Jan Mojžíš for the modified patch!
    - CVE-2026-49975

 -- Marc Deslauriers <email address hidden> Wed, 10 Jun 2026 16:12:55 -0400
Source diff to previous version
CVE-2026-49975 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. T

Version: 1.18.0-6ubuntu14.14 2026-06-09 15:07:28 UTC

  nginx (1.18.0-6ubuntu14.14) jammy-security; urgency=medium

  * SECURITY REGRESSION: ABI change breaking external modules (LP: #2155992)
    - debian/patches/CVE-2026-49975.patch: disable for now, pending further
      investigation.

 -- Marc Deslauriers <email address hidden> Tue, 09 Jun 2026 07:45:51 -0400
Source diff to previous version
CVE-2026-49975 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. T

Version: 1.18.0-6ubuntu14.13 2026-06-08 13:07:51 UTC

  nginx (1.18.0-6ubuntu14.13) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Bomb denial of service
    - debian/patches/CVE-2026-49975.patch: Added max_headers directive. in
      src/http/ngx_http_core_module.c, src/http/ngx_http_core_module.h,
      src/http/ngx_http_request.c, src/http/ngx_http_request.h,
      src/http/v2/ngx_http_v2.c.
    - CVE-2026-49975

 -- Marc Deslauriers <email address hidden> Fri, 05 Jun 2026 07:38:10 -0400
Source diff to previous version

Version: 1.18.0-6ubuntu14.12 2026-06-01 18:07:44 UTC

  nginx (1.18.0-6ubuntu14.12) jammy-security; urgency=medium

  * SECURITY UPDATE: resolver use-after-free in OCSP
    - debian/patches/CVE-2026-40701.patch: OCSP: resolve cleanup on connection
      close in src/event/ngx_event_openssl_stapling.c.
    - CVE-2026-40701
  * SECURITY UPDATE: Buffer overread in the ngx_http_charset_module
    - debian/patches/CVE-2026-42934.patch: Charset: fix buffer over-read in
      recode_from_utf8(). in src/http/modules/ngx_http_charset_filter_module.c.
    - CVE-2026-42934
  * SECURITY UPDATE: Buffer overread in the ngx_http_scgi_module and
    ngx_http_uwsgi_module
    - debian/patches/CVE-2026-42946-1.patch: Upstream: reset parsing state after
      invalid status line in src/http/modules/ngx_http_scgi_module.c,
      src/http/modules/ngx_http_uwsgi_module.c.
    - debian/patches/CVE-2026-42946-2.patch: Upstream: fixed parsing of split
      status lines in src/http/modules/ngx_http_proxy_module.c,
      src/http/modules/ngx_http_scgi_module.c,
      src/http/modules/ngx_http_uwsgi_module.c.
    - CVE-2026-42946
  * SECURITY UPDATE: Buffer overflow in the ngx_http_rewrite_module
    - debian/patches/CVE-2026-9256.patch: Rewrite: fix buffer overflow with
      overlapping captures in src/http/ngx_http_script.c.
    - CVE-2026-9256

 -- Marc Deslauriers <email address hidden> Sat, 30 May 2026 10:32:05 -0400
Source diff to previous version
CVE-2026-40701 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optio
CVE-2026-42934 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_
CVE-2026-42946 A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read o
CVE-2026-9256 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses

Version: 1.18.0-6ubuntu14.11 2026-05-14 13:07:33 UTC

  nginx (1.18.0-6ubuntu14.11) jammy-security; urgency=medium

  [ Thomas Ward ]
  * SECURITY UPDATE: buffer overrun in ngx_http_rewrite_module
    (LP: #2152577)
    - d/patches/cve-2026-42945.patch: Apply upstream commit/fix
      for CVE
    - CVE-2026-42945

 -- Marc Deslauriers <email address hidden> Thu, 14 May 2026 09:55:52 +0200
2152577 CVE-2026-42945: heap-based buffer overflow in ngx_http_rewrite_module (NGINX Rift)
CVE-2026-42945 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is


About   -   Send Feedback to @ubuntu_updates