ELSA-2026-29151

ELSA-2026-29151 - nginx:1.26 security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-06-25

Description


[1.26.3-9.0.1.1]
- Require oracle-indexhtml

[2:1.26.3-11]
- nginx:1.26/nginx: HTTP/2: Remote Denial of Service via compression bomb
and Slowloris-style attack

[2:1.26.3-10]
- nginx: code execution and denial of service (CVE-2026-9256)

[2:1.26.3-9]
- Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[2:1.26.3-8]
- CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code
Execution via specially crafted MP4 files

[2:1.26.3-7]
- CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclosed
requests when ngx_mail_auth_http_module is enabled

[2:1.26.3-6]
- CVE-2026-27784 nginx:1.26/nginx: NGINX: Denial of Service due to memory
corruption via crafted MP4 file

[2:1.26.3-5]
- CVE-2026-27654 nginx:1.26/nginx: NGINX: Denial of Service or file
modification via buffer overflow in ngx_http_dav_module

[2:1.26.3-4]
- CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack
on TLS proxied connections

[2:1.26.3-3]
- Resolves: RHEL-144454 - Clarify binding behavior of -t option


Related CVEs


CVE-2026-9256

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) nginx-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.src.rpm432a97d7a65c35503f74ffb52401de50e05289628441f849343dff13ad558a87-ol9_aarch64_appstream
nginx-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm6287657528ab958109a540218ca7da5624334e68a45e23d4a847756a37ce0d74-ol9_aarch64_appstream
nginx-all-modules-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.noarch.rpm2482f57db1a24bfa2ceebbfe48aeaf77f1a3b69847e6a4338fa90ec3e2506961-ol9_aarch64_appstream
nginx-core-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm4d6049d43cd7f776c550ef1fc2ab9459fbd5019b26ab8e3c6fa38148ea427d5c-ol9_aarch64_appstream
nginx-filesystem-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.noarch.rpm0ac71cd18849217059f4e336ce2e9a4fde351d09827fc5369dfeb1d17029504d-ol9_aarch64_appstream
nginx-mod-devel-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm35864b07bf47e5e24f3ad4cf10d092dd629d3939acfb9346af05364802311dd8-ol9_aarch64_appstream
nginx-mod-http-image-filter-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpmc40dd8cf92fb30f8585a5ff79c6a98dd068551e0afdd6361db34eef5502902b2-ol9_aarch64_appstream
nginx-mod-http-perl-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm68bd1516f3fdb7c8950d2d6c96e4e41d95e68a2c1ab9dbc995d4fc9a6e9db645-ol9_aarch64_appstream
nginx-mod-http-xslt-filter-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm149f0f8bae00590285235117bdbeffe3297476e3d2d4928fa1607f7543ebfdbe-ol9_aarch64_appstream
nginx-mod-mail-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm9843c02b6e46b2137994afd18fb844b2f010f04a3b7e46214b9d1eed2e0fe578-ol9_aarch64_appstream
nginx-mod-stream-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.aarch64.rpm1454f196baf14bdb7d753c54a707d77664a29e569c2d0d9f28d6f8fba7323234-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) nginx-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.src.rpm432a97d7a65c35503f74ffb52401de50e05289628441f849343dff13ad558a87-ol9_x86_64_appstream
nginx-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm940e28aed295192fccf343598992a237ac076fab057512f7ab5d90eed6d4eeaa-ol9_x86_64_appstream
nginx-all-modules-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.noarch.rpm2482f57db1a24bfa2ceebbfe48aeaf77f1a3b69847e6a4338fa90ec3e2506961-ol9_x86_64_appstream
nginx-core-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm7528cb6259cfcd86206a082bbfb1ccc4f7a443d64378d778105d67f8f82ce6a8-ol9_x86_64_appstream
nginx-filesystem-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.noarch.rpm0ac71cd18849217059f4e336ce2e9a4fde351d09827fc5369dfeb1d17029504d-ol9_x86_64_appstream
nginx-mod-devel-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm9738b596fb22b6b4d4ad4f6725b895147e6a3b17baebb67ef4e13d4f7200f656-ol9_x86_64_appstream
nginx-mod-http-image-filter-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpme33af027467e43542b38184c6516d559fba96690c73b3225f032b653eb8a8abf-ol9_x86_64_appstream
nginx-mod-http-perl-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm34438284f8f0dde38ce9111aabec85a310e4745e595dfb3e4763bfcbb88c6f7e-ol9_x86_64_appstream
nginx-mod-http-xslt-filter-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpm7c85ae7dbfbd81d07acd6ff121fbfa2587962fd995ada4b4c8d0464b91196032-ol9_x86_64_appstream
nginx-mod-mail-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpmade3d15c80b4a6aafa499ffcff38811397599b456a70b29528cd9fd4dec6101c-ol9_x86_64_appstream
nginx-mod-stream-1.26.3-9.0.1.module+el9.8.0+90931+68e8e4c5.1.x86_64.rpmdafd14299a02ba14e9fb1d8b4b6db023d16a763ec398a0b65ab4739456c62342-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete