ELSA-2026-28212

ELSA-2026-28212 - nginx:1.24 security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-06-29

Description


[1.24.0-7.0.1.2]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]

[1:1.24.0-7.2]
- Resolves: RHEL-178681 - nginx:1.24/nginx: code execution and denial
of service (CVE-2026-9256)
- Resolves: RHEL-182554 - nginx:1.24/nginx: HTTP/2: Remote Denial of
Service via compression bomb and Slowloris-style attack

[1:1.24.0-7.1]
- Resolves: RHEL-176234 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[1:1.24.0-7]
- Resolves: RHEL-157889 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of
Service or Code Execution via specially crafted MP4 files
- Resolves: RHEL-159448 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of
Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-159561 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of
Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159540 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of
Service due to memory corruption via crafted MP4 file

[1:1.24.0-6]
- Resolves: RHEL-146529 - CVE-2026-1642 nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections

[1:1.24.0-5]
- Resolves: RHEL-84480 - nginx:1.24/nginx: specially crafted MP4 file may cause
denial of service (CVE-2024-7347)

[1:1.24.0-4]
- Resolves: RHEL-49350 - nginx worker processes memory leak


Related CVEs


CVE-2026-9256

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) nginx-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.src.rpmaea9c6db3d72696dec294b81e00195ee549113945e2a0c9600ff52dc7df94f25-ol9_aarch64_appstream
nginx-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpmefbb8ff0835e4651d28fe5d30e1e79111e98d07653f7dc2107051e6178556ce1-ol9_aarch64_appstream
nginx-all-modules-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.noarch.rpmeee983776dbc63d15f13174c798e916b0d9886a8fb926bd41a5057bb01d81a22-ol9_aarch64_appstream
nginx-core-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm44a5c6887cef7ea09ce1da566b7417ddb1f0bbaacbd24a7d067c9f2da8db2786-ol9_aarch64_appstream
nginx-filesystem-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.noarch.rpm493135c27af146c098b3f41676f0e73f6a572a9f08f499ba82aee4d912cd3f71-ol9_aarch64_appstream
nginx-mod-devel-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm4a41143c1cea315718c543840465a1aac6c479699d8e8e027153acfbe391782c-ol9_aarch64_appstream
nginx-mod-http-image-filter-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm705d52c1209a623867fc887ddee3d2128ca8b77d6a44a8ba4b2db06b06101d11-ol9_aarch64_appstream
nginx-mod-http-perl-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm90af5ea42e2d722f2985b2aebab57c6568bdf7355d6b243df73ff1417a61f0a4-ol9_aarch64_appstream
nginx-mod-http-xslt-filter-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpmd843db4de8870fa8657e7ded3fae5434129f0713c5d98042b33e34ac6f246216-ol9_aarch64_appstream
nginx-mod-mail-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpm55909957ffee1de503ca481af3b617f7a8f0397c54ce0af9208a08b97b9d2f2e-ol9_aarch64_appstream
nginx-mod-stream-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.aarch64.rpmd505958c52c71d2b4b0cdbf56ba19bab6c6ae3c7a05a5f0a31dd7daad54eee3b-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) nginx-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.src.rpmaea9c6db3d72696dec294b81e00195ee549113945e2a0c9600ff52dc7df94f25-ol9_x86_64_appstream
nginx-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm11cfc3ba8fd6c502dc9303d9594e94c1036e50b45b0f7323d64c2e500e1a8207-ol9_x86_64_appstream
nginx-all-modules-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.noarch.rpmeee983776dbc63d15f13174c798e916b0d9886a8fb926bd41a5057bb01d81a22-ol9_x86_64_appstream
nginx-core-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm0519842b654d5af51525216bd813446dfd3cbc46676e340d6e6bdb8764122665-ol9_x86_64_appstream
nginx-filesystem-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.noarch.rpm493135c27af146c098b3f41676f0e73f6a572a9f08f499ba82aee4d912cd3f71-ol9_x86_64_appstream
nginx-mod-devel-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpmaa65ce5a1b33f6276b0ee0dd04f6491b01e1d604de6bd218d71591a374375a9b-ol9_x86_64_appstream
nginx-mod-http-image-filter-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm1b5d7c700e1ca1906f4ea8431dc99930c5b7ee5eb1192adfbd34aad6a6c9868b-ol9_x86_64_appstream
nginx-mod-http-perl-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm899694eafc4ececb97a398d11755745fe3a420a4d42bc97e4d747304174ffb43-ol9_x86_64_appstream
nginx-mod-http-xslt-filter-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpmd6716ad330b006a2b9b1cbf27b75e9b1cf808ef3f8ec30f14660a3f7b2a170a5-ol9_x86_64_appstream
nginx-mod-mail-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpm89ccdabe24eaaadfc4fc1ece615e522dbe3a943ae1ee8742b1c1893002d98b9c-ol9_x86_64_appstream
nginx-mod-stream-1.24.0-7.0.1.module+el9.8.0+90934+bc5453bc.2.x86_64.rpme44c0c3967b40d7cfa066877de3860a140a23180bbe7fb610002cf579449f31e-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete