9.4

Debian Linux: Unrestricted Access to Sensitive System Files

DEBIAN-CVE-2026-42945
Summary

A vulnerability in the nginx package on Debian Linux allows unauthorized access to sensitive system files. This could be exploited by an attacker to gain elevated privileges, potentially leading to data breaches or system compromise. To fix this issue, update the Debian nginx package to the fixed version for your release, as listed below.

What to do
  • Debian 11: update the Debian nginx package to version 1.18.0-6.1+deb11u6.
  • Debian 12: update the Debian nginx package to version 1.22.1-9+deb12u7.
  • Debian 13: update the Debian nginx package to version 1.26.3-3+deb13u5.
Affected software
Ecosystem   Vendor   Product   Affected versions        Fix
Debian:11   debian   nginx     < 1.18.0-6.1+deb11u6     upgrade to 1.18.0-6.1+deb11u6
Debian:12   debian   nginx     < 1.22.1-9+deb12u7       upgrade to 1.22.1-9+deb12u7
Debian:13   debian   nginx     < 1.26.3-3+deb13u5       upgrade to 1.26.3-3+deb13u5
Debian:14   debian   nginx     All versions
Original title
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and ...
Original description
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Published: 13 May 2026 · Updated: 22 May 2026 · First seen: 14 May 2026
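
A configuration audit for the precondition in the original description, added here as an example (it is not code from NGINX, Debian or this advisory page). It is a heuristic built on one reading of that description: a rewrite whose replacement string contains a question mark, followed in the same block by a rewrite, if or set directive, with an unnamed capture ($1, $2, ...) used in either of the two. The names directives and audit and the sample configuration are constructed for illustration.

```python
import re

# Simplified nginx tokenizer: comments, quoted strings, block/terminator chars, bare words.
TOKEN = re.compile(r'''#[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[{};]|[^\s{};"']+''')
UNNAMED_CAPTURE = re.compile(r"\$\d")   # $1, $2, ... but not $name
FOLLOWERS = {"rewrite", "if", "set"}    # directives named in the description

def directives(text):
    """Yield (line, depth, words) for each directive, in file order."""
    depth, words, start = 0, [], 0
    for m in TOKEN.finditer(text):
        tok = m.group()
        if tok.startswith("#"):
            continue
        if tok in ("{", "}", ";"):
            if words:
                yield text.count("\n", 0, start) + 1, depth, words
            depth += (tok == "{") - (tok == "}")
            words = []
        else:
            if not words:
                start = m.start()
            words.append(tok.strip("\"'"))

def audit(text):
    """Return (rewrite_line, follower_line) pairs that match the precondition."""
    items, findings = list(directives(text)), []
    for i, (line, depth, words) in enumerate(items):
        if words[0] != "rewrite" or len(words) < 3 or "?" not in words[2]:
            continue
        for line2, depth2, words2 in items[i + 1:]:
            if depth2 < depth:          # left the block that holds the rewrite
                break
            used = UNNAMED_CAPTURE.search(words[2] + " " + " ".join(words2[1:]))
            if depth2 == depth and words2[0] in FOLLOWERS and used:
                findings.append((line, line2))
                break
    return findings

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
server {
    location /old/   { rewrite ^/old/(.*)$ /new/index.php?path=$1;
                       set $flag 1; }
    location /safe/  { rewrite ^/safe/(.*)$ /s/$1 last; }
    location /named/ { rewrite ^/named/(?<rest>.*)$ /n?x=$rest; set $y 2; }
}
"""

if __name__ == "__main__":
    for rw, nxt in audit(SAMPLE):
        print(f"line {rw}: rewrite with '?' in replacement, followed by line {nxt}")
```

A match only means the configuration has the shape the description names; whether the host is exposed still depends on the installed nginx package version listed under "Affected software".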