SysAdmin.help

Not a great week in Linux Land!
https://www.theregister.com/security/20 ... rs/5241950
https://www.theregister.com/security/20 ... ss/5240270

Solution
Disable ASLR if possible.

That's crazy! The opposite advice is recommended -- make sure Address Space Layout Randomization (ASLR) is ENABLED to prevent remote code execution (RCE).

I think The Register's quote from Kevin Beaumont is spot-on:
Security researcher Kevin Beaumont noted that while the bug is real, modern Linux defaults significantly reduce the likelihood of successful real-world RCE. "Regarding CVE-2026-42945 in nginx – no modern (or even old) Linux distribution ...

Have you noticed a pattern to the releases? Bi-monthly or any regularity to them?

https://forum.centos-webpanel.com/updat ... /#msg53072
cyberspace's RC updater script here generally works well to keep RC up-to-date. I have it running in my cron.daily routines, so my servers were up to date even before I saw the notice!

In the owasp.conf file, /usr/local/apache/modsecurity-rules/owasp.conf , I have omitted the version numbers, so it saves a step in your instructions, since that file stays the same between versions:
Include /usr/local/apache/modsecurity-rules/owasp-crs/coreruleset/crs-setup.conf
Include /usr/local ...

Looks as though the Industry Announcements is also having permissions problems -- can't post a reply there either.

First suggestion: Probably need to have posts in every topic so as to stimulate organic growth from there.

Confirmed working on AlmaLinux 8.

Was it via this method?

Remove CWP's GoAccess and install prerequisite (MaxMind GeoIP library):
yum -y remove goaccess
yum install libmaxminddb-devel.x86_64
Download and compile GoAccess, replace the current CWP version:
cd /usr/local/src
wget https://tar.goaccess.io/goaccess-1.9.3.tar.gz
tar ...