ELSA-2026-18041

ULN >
Oracle Linux Errata repository >
ELSA-2026-18041

ELSA-2026-18041 - nginx:1.24 security update

Type:	SECURITY
Impact:	CRITICAL
Release Date:	2026-05-19

Description

[1.24.0-3.0.1.1]
- Remove Red Hat references [Orabug: 29498217]

[1:1.24.0-3.1]
- Resolves: RHEL-176224 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[1:1.24.0-3]
- Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of
Service or Code Execution via specially crafted MP4 files
- Resolves: RHEL-159436 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of
Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-159549 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of
Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159528 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of
Service due to memory corruption via crafted MP4 file

[1:1.24.0-2]
- Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)

[1:1.24.0-1]
- Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10

[1:1.22.1-2]
- Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web
servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487)

[1:1.22.1-1]
- Resolves: #2112345 - nginx:1.22 for RHEL 8
- add stream_geoip_module and stream_realip_module
- remove obsolete --with-ipv6

[1:1.20.1-1]
- rebase to 1.20.1 (addressing CVE-2021-23017)

[1:1.20.0-4]
- add delaycompress to logrotate config (#2015243)

[1:1.20.0-3]
- Add -mod-devel subpackage for building external nginx modules (Neal Gompa)
Resolves: #1991787

Related CVEs

CVE-2026-42945

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	nginx-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.src.rpm	cec631ddfae9121f5f4c62352854ef0cf2e6c6224a2a515ba336bd4c16d01329	-	ol8_aarch64_appstream
	nginx-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm	c4af19402bf0a9324c5cd07a4acb2a39a0b3e221d0bae0d43fa61edf5d969d01	-	ol8_aarch64_appstream
	nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.noarch.rpm	51b52094720e728ae011540d93842c921d5e0f8db48bb845468f73e8968f683e	-	ol8_aarch64_appstream
	nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.noarch.rpm	999bec7e74e280505828d52dfa878e97991d2b882533ca11ebec79637a8680bd	-	ol8_aarch64_appstream
	nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm	00b88fe2c69729284d3b2a22ba3ff178b00ef9c111b41dd3a53991f629739f02	-	ol8_aarch64_appstream
	nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm	d8f342671a4ba8af92924730f814dedc8c4e3b0be10ae8ccebd4bb9fc237b660	-	ol8_aarch64_appstream
	nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm	5ab046a1b7dbd00fbf273ba5f2f025700197f50f85e19707d4c46d17ccae17ee	-	ol8_aarch64_appstream
	nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm	a44112d2104511b87ad8449e5a188cccf346cd9a37362def6885af5e248ecb1f	-	ol8_aarch64_appstream
	nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm	c243eb69348f9413f05dc3fcf010b79271fc1346f476000d683d5d4930584f5d	-	ol8_aarch64_appstream
	nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.aarch64.rpm	56bd98a292fddd06ae4de2a4ec245bbc07be090ceae3065f46e7bb42ee925a6e	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	nginx-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.src.rpm	cec631ddfae9121f5f4c62352854ef0cf2e6c6224a2a515ba336bd4c16d01329	-	ol8_x86_64_appstream
	nginx-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm	725761e73eae12d261d85183fed5547a6a05c7f8cbd7451dc141ace8ff8a704f	-	ol8_x86_64_appstream
	nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.noarch.rpm	51b52094720e728ae011540d93842c921d5e0f8db48bb845468f73e8968f683e	-	ol8_x86_64_appstream
	nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.noarch.rpm	999bec7e74e280505828d52dfa878e97991d2b882533ca11ebec79637a8680bd	-	ol8_x86_64_appstream
	nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm	6ec03df433f7e00542fc2055296e150075558b6c7b71df61ad9c00b8a37b2713	-	ol8_x86_64_appstream
	nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm	04c0f9a7b651c54e911d90c41a4c0e8a7e0047e98eac1c5850504dd265db7892	-	ol8_x86_64_appstream
	nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm	7a4f8bd5689ee30cd943e39a68554d8cabb3cdb0c55aac276cdc40f8b2cb5802	-	ol8_x86_64_appstream
	nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm	7f49f231ce1d5db2cc0239abee988cd1c2479314d5f1ff2738a5a0615773fe62	-	ol8_x86_64_appstream
	nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm	7f6c789d4dcd0485fae27636d8d0ffbfb8a6564a858367680e1536fb18adea46	-	ol8_x86_64_appstream
	nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90893+b2195e14.1.x86_64.rpm	6c5ea28e2fe74f2e78d4f2510aba094e26b1e490c66d43daa302daa68276a946	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691