ELSA-2026-29151

ULN >
Oracle Linux Errata repository >
ELSA-2026-29151

ELSA-2026-29151 - nginx:1.26 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-06-25

Description

[1.26.3-9.0.1.1]
- Require oracle-indexhtml

[2:1.26.3-11]
- nginx:1.26/nginx: HTTP/2: Remote Denial of Service via compression bomb
and Slowloris-style attack

[2:1.26.3-10]
- nginx: code execution and denial of service (CVE-2026-9256)

[2:1.26.3-9]
- Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[2:1.26.3-8]
- CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code
Execution via specially crafted MP4 files

[2:1.26.3-7]
- CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclosed
requests when ngx_mail_auth_http_module is enabled

[2:1.26.3-6]
- CVE-2026-27784 nginx:1.26/nginx: NGINX: Denial of Service due to memory
corruption via crafted MP4 file

[2:1.26.3-5]
- CVE-2026-27654 nginx:1.26/nginx: NGINX: Denial of Service or file
modification via buffer overflow in ngx_http_dav_module

[2:1.26.3-4]
- CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack
on TLS proxied connections

[2:1.26.3-3]
- Resolves: RHEL-144454 - Clarify binding behavior of -t option

Related CVEs

CVE-2026-9256

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	nginx-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.src.rpm	432a97d7a65c35503f74ffb52401de50e05289628441f849343dff13ad558a87	-	ol9_aarch64_appstream
	nginx-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm	6287657528ab958109a540218ca7da5624334e68a45e23d4a847756a37ce0d74	-	ol9_aarch64_appstream
	nginx-all-modules-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.noarch.rpm	2482f57db1a24bfa2ceebbfe48aeaf77f1a3b69847e6a4338fa90ec3e2506961	-	ol9_aarch64_appstream
	nginx-core-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm	4d6049d43cd7f776c550ef1fc2ab9459fbd5019b26ab8e3c6fa38148ea427d5c	-	ol9_aarch64_appstream
	nginx-filesystem-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.noarch.rpm	0ac71cd18849217059f4e336ce2e9a4fde351d09827fc5369dfeb1d17029504d	-	ol9_aarch64_appstream
	nginx-mod-devel-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm	35864b07bf47e5e24f3ad4cf10d092dd629d3939acfb9346af05364802311dd8	-	ol9_aarch64_appstream
	nginx-mod-http-image-filter-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm	c40dd8cf92fb30f8585a5ff79c6a98dd068551e0afdd6361db34eef5502902b2	-	ol9_aarch64_appstream
	nginx-mod-http-perl-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm	68bd1516f3fdb7c8950d2d6c96e4e41d95e68a2c1ab9dbc995d4fc9a6e9db645	-	ol9_aarch64_appstream
	nginx-mod-http-xslt-filter-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm	149f0f8bae00590285235117bdbeffe3297476e3d2d4928fa1607f7543ebfdbe	-	ol9_aarch64_appstream
	nginx-mod-mail-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm	9843c02b6e46b2137994afd18fb844b2f010f04a3b7e46214b9d1eed2e0fe578	-	ol9_aarch64_appstream
	nginx-mod-stream-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm	1454f196baf14bdb7d753c54a707d77664a29e569c2d0d9f28d6f8fba7323234	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	nginx-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.src.rpm	432a97d7a65c35503f74ffb52401de50e05289628441f849343dff13ad558a87	-	ol9_x86_64_appstream
	nginx-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm	940e28aed295192fccf343598992a237ac076fab057512f7ab5d90eed6d4eeaa	-	ol9_x86_64_appstream
	nginx-all-modules-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.noarch.rpm	2482f57db1a24bfa2ceebbfe48aeaf77f1a3b69847e6a4338fa90ec3e2506961	-	ol9_x86_64_appstream
	nginx-core-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm	7528cb6259cfcd86206a082bbfb1ccc4f7a443d64378d778105d67f8f82ce6a8	-	ol9_x86_64_appstream
	nginx-filesystem-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.noarch.rpm	0ac71cd18849217059f4e336ce2e9a4fde351d09827fc5369dfeb1d17029504d	-	ol9_x86_64_appstream
	nginx-mod-devel-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm	9738b596fb22b6b4d4ad4f6725b895147e6a3b17baebb67ef4e13d4f7200f656	-	ol9_x86_64_appstream
	nginx-mod-http-image-filter-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm	e33af027467e43542b38184c6516d559fba96690c73b3225f032b653eb8a8abf	-	ol9_x86_64_appstream
	nginx-mod-http-perl-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm	34438284f8f0dde38ce9111aabec85a310e4745e595dfb3e4763bfcbb88c6f7e	-	ol9_x86_64_appstream
	nginx-mod-http-xslt-filter-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm	7c85ae7dbfbd81d07acd6ff121fbfa2587962fd995ada4b4c8d0464b91196032	-	ol9_x86_64_appstream
	nginx-mod-mail-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm	ade3d15c80b4a6aafa499ffcff38811397599b456a70b29528cd9fd4dec6101c	-	ol9_x86_64_appstream
	nginx-mod-stream-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm	dafd14299a02ba14e9fb1d8b4b6db023d16a763ec398a0b65ab4739456c62342	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691