ELSA-2026-18029

ELSA-2026-18029 - nginx security update

Type:	SECURITY
Impact:	CRITICAL
Release Date:	2026-05-19

Description

[2:1.20.1-24.0.1.el9_7.3]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]

[2:1.20.1-24.3]
- Resolves: RHEL-176230 - nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[2:1.20.1-24.2]
- Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159536 - CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
- Resolves: RHEL-159444 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-157885 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

[2:1.20.1-24.1]
- Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle
attack on TLS proxied connections (CVE-2026-1642)

Related CVEs

CVE-2026-42945

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	nginx-1.20.1-24.0.1.el9_7.3.src.rpm	957411a38eaf4068e4c288ada782d8efd02f6321f6fd9b6b0800cd1b894c06e1	-	ol9_aarch64_appstream
	nginx-1.20.1-24.0.1.el9_7.3.src.rpm	957411a38eaf4068e4c288ada782d8efd02f6321f6fd9b6b0800cd1b894c06e1	-	ol9_aarch64_codeready_builder
	nginx-1.20.1-24.0.1.el9_7.3.aarch64.rpm	777a8cf700bed67f17e9bf7ea35a931c4d3438672826cbf90faa79dee8f6fb75	-	ol9_aarch64_appstream
	nginx-all-modules-1.20.1-24.0.1.el9_7.3.noarch.rpm	f8d7dc50230a54d1434504e6d2f2a74d8ee0545fccd744cc002e23728b0b629a	-	ol9_aarch64_appstream
	nginx-core-1.20.1-24.0.1.el9_7.3.aarch64.rpm	0f024a7913c4cfce5e6707924d22778f09ab6926b657b1dfaa5a4a2666555134	-	ol9_aarch64_appstream
	nginx-filesystem-1.20.1-24.0.1.el9_7.3.noarch.rpm	709298c71231b885908f48483e2cd631a92b7b7490fd7a401fcaad7314192919	-	ol9_aarch64_appstream
	nginx-mod-devel-1.20.1-24.0.1.el9_7.3.aarch64.rpm	a1b07fe3710731a656a615398953b838cb15d6c18fa7bf1f56a9a035be472e40	-	ol9_aarch64_codeready_builder
	nginx-mod-http-image-filter-1.20.1-24.0.1.el9_7.3.aarch64.rpm	68497f839a69564ac80cc9c39ee30da4206a7dfc00cd42b1f36f3b771e9ca7f6	-	ol9_aarch64_appstream
	nginx-mod-http-perl-1.20.1-24.0.1.el9_7.3.aarch64.rpm	b413788f31da018b31700747588642aaf77271a10cefc3ee8f6d55ef1d94f2ec	-	ol9_aarch64_appstream
	nginx-mod-http-xslt-filter-1.20.1-24.0.1.el9_7.3.aarch64.rpm	c91962787a59ff1ce8619b81fd77b5106de51f05cfe4bac8a5e56d240aa34ca6	-	ol9_aarch64_appstream
	nginx-mod-mail-1.20.1-24.0.1.el9_7.3.aarch64.rpm	add2d07ce01e3c0adff13285bb537e855c1db7fd72739cc91ad9376e181512ef	-	ol9_aarch64_appstream
	nginx-mod-stream-1.20.1-24.0.1.el9_7.3.aarch64.rpm	8f8a3813eb5de043cf8549713e86380ab6968c62fac2d64ac9ffe3f979fecb8b	-	ol9_aarch64_appstream
Oracle Linux 9 (x86_64)	nginx-1.20.1-24.0.1.el9_7.3.src.rpm	957411a38eaf4068e4c288ada782d8efd02f6321f6fd9b6b0800cd1b894c06e1	-	ol9_x86_64_appstream
	nginx-1.20.1-24.0.1.el9_7.3.src.rpm	957411a38eaf4068e4c288ada782d8efd02f6321f6fd9b6b0800cd1b894c06e1	-	ol9_x86_64_codeready_builder
	nginx-1.20.1-24.0.1.el9_7.3.x86_64.rpm	09e0adea68ab5883a5e02833ee6e9a8ffbda175c43a8ac74376630e67970b687	-	ol9_x86_64_appstream
	nginx-all-modules-1.20.1-24.0.1.el9_7.3.noarch.rpm	f8d7dc50230a54d1434504e6d2f2a74d8ee0545fccd744cc002e23728b0b629a	-	ol9_x86_64_appstream
	nginx-core-1.20.1-24.0.1.el9_7.3.x86_64.rpm	e8bd7d59dda79f6ebdae3a434676045f6239a41048495dc48d49a10c391fc23e	-	ol9_x86_64_appstream
	nginx-filesystem-1.20.1-24.0.1.el9_7.3.noarch.rpm	709298c71231b885908f48483e2cd631a92b7b7490fd7a401fcaad7314192919	-	ol9_x86_64_appstream
	nginx-mod-devel-1.20.1-24.0.1.el9_7.3.x86_64.rpm	ced0e693aa5e5d7e18ea4f13bba76f9c9983949ebb79a75e0465c473c5a3fd93	-	ol9_x86_64_codeready_builder
	nginx-mod-http-image-filter-1.20.1-24.0.1.el9_7.3.x86_64.rpm	42e1ee24e21f700f95db626760a7847f1c64cef7fa5f763c3198aa2eccce9db0	-	ol9_x86_64_appstream
	nginx-mod-http-perl-1.20.1-24.0.1.el9_7.3.x86_64.rpm	38fa3a7d005a490a75fa12a678e725788bc126ec75bd9e01c247ed8f288acbe4	-	ol9_x86_64_appstream
	nginx-mod-http-xslt-filter-1.20.1-24.0.1.el9_7.3.x86_64.rpm	cc6d1b11302ceb78c7a8dff340ddeb11deede6ec3482cdf807cdb78002e741ac	-	ol9_x86_64_appstream
	nginx-mod-mail-1.20.1-24.0.1.el9_7.3.x86_64.rpm	1ae88ece8be27d394567eafacdb137474e154c85ca7ab371ea8635c43f22e9c9	-	ol9_x86_64_appstream
	nginx-mod-stream-1.20.1-24.0.1.el9_7.3.x86_64.rpm	5311279a89fe85a0b6252b4d9462094bffe15ac6cade28eb0dbb0b2735b6ad77	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team