ELSA-2026-19371

ULN >
Oracle Linux Errata repository >
ELSA-2026-19371

ELSA-2026-19371 - nginx:1.24 security update

Type:	SECURITY
Impact:	CRITICAL
Release Date:	2026-06-23

Description

[1.24.0-7.1.0.1]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]

[1:1.24.0-7.1]
- Resolves: RHEL-176234 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[1:1.24.0-7]
- Resolves: RHEL-157889 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of
Service or Code Execution via specially crafted MP4 files
- Resolves: RHEL-159448 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of
Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-159561 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of
Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159540 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of
Service due to memory corruption via crafted MP4 file

[1:1.24.0-6]
- Resolves: RHEL-146529 - CVE-2026-1642 nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections

[1:1.24.0-5]
- Resolves: RHEL-84480 - nginx:1.24/nginx: specially crafted MP4 file may cause
denial of service (CVE-2024-7347)

[1:1.24.0-4]
- Resolves: RHEL-49350 - nginx worker processes memory leak

[1:1.24.0-3]
- Resolves: RHEL-40622 - openssl 3.2 ENGINE regression in nginx

Related CVEs

CVE-2026-42945

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	nginx-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.src.rpm	685e4d69b0f286dba48883a27ad132e6ce36cd0fc9214e4af7384d4cf724533f	-	ol9_aarch64_appstream
	nginx-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.aarch64.rpm	e2bbfbd71840d597d6c7d32c7f57adcc9f9961ae84a2bd25f7ed201dc72b8710	-	ol9_aarch64_appstream
	nginx-all-modules-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.noarch.rpm	a3a02a68f7c5340ce17538ff3fca467912aed0103b840c2dac69f2e649943e97	-	ol9_aarch64_appstream
	nginx-core-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.aarch64.rpm	28e7ded62684c8da7dad52a705db73cc252432a95d24451500f3172de57f5bfd	-	ol9_aarch64_appstream
	nginx-filesystem-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.noarch.rpm	e7f4c1518ea9c5c8e9a50850178d0fdd4daad7b9e9bcef9aba8e8ba00d3af584	-	ol9_aarch64_appstream
	nginx-mod-devel-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.aarch64.rpm	cd59e48061e508fd8f6a10cb3d0f59f8530af8f52c53a826ca86b1574320ca72	-	ol9_aarch64_appstream
	nginx-mod-http-image-filter-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.aarch64.rpm	c6271e9fc01e8b008a38bba94a227ec240a08cd9d996737c2a1505c4331099c4	-	ol9_aarch64_appstream
	nginx-mod-http-perl-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.aarch64.rpm	6d2365a7c8923220f5a57a3d59ebbaa1277ae415ae80777295895d2eb629b071	-	ol9_aarch64_appstream
	nginx-mod-http-xslt-filter-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.aarch64.rpm	ce0ff653e029d9b3f63074e35ab6e076a9dd9ef89fee568a1212a64494ede320	-	ol9_aarch64_appstream
	nginx-mod-mail-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.aarch64.rpm	bea0778cb2f87f8feedaf614c6356f46d494874c1e41a87858f3813164cb171b	-	ol9_aarch64_appstream
	nginx-mod-stream-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.aarch64.rpm	2388f29f8d09d32d192fe5762dcc66b0e0a19cfe867801caa32252d08a630e20	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	nginx-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.src.rpm	685e4d69b0f286dba48883a27ad132e6ce36cd0fc9214e4af7384d4cf724533f	-	ol9_x86_64_appstream
	nginx-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.x86_64.rpm	57a120ab187e77d4ee2ee654370173ee0442aaf7044ef4fd96b894ecdb22a9dd	-	ol9_x86_64_appstream
	nginx-all-modules-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.noarch.rpm	a3a02a68f7c5340ce17538ff3fca467912aed0103b840c2dac69f2e649943e97	-	ol9_x86_64_appstream
	nginx-core-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.x86_64.rpm	31e2f4bc037eded0d0857618ea9b5c32c20a8fe92fc9ac62b313ecb6bc9071fb	-	ol9_x86_64_appstream
	nginx-filesystem-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.noarch.rpm	e7f4c1518ea9c5c8e9a50850178d0fdd4daad7b9e9bcef9aba8e8ba00d3af584	-	ol9_x86_64_appstream
	nginx-mod-devel-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.x86_64.rpm	bfb6a4d8875f79fe5de76e169c8d34781b1172af02242d0d8956dd354ab8b5a1	-	ol9_x86_64_appstream
	nginx-mod-http-image-filter-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.x86_64.rpm	7ec51001457cd0e622013ab4d79cc02e955df81f48afd7c0ae5e218d416cb84b	-	ol9_x86_64_appstream
	nginx-mod-http-perl-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.x86_64.rpm	16141ebf8d704f5a620f901deeb1604096b5fa8050ec5988a4b43fb7b77336d4	-	ol9_x86_64_appstream
	nginx-mod-http-xslt-filter-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.x86_64.rpm	db22c1856771ee172ed758ecd369d215e4317e001b742116c4a23685f3e9ef13	-	ol9_x86_64_appstream
	nginx-mod-mail-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.x86_64.rpm	b7b805ad78f956c9daf6ed50309287571390bcee801d6014936e0b01b79b7f67	-	ol9_x86_64_appstream
	nginx-mod-stream-1.24.0-7.0.1.module+el9.8.0+90907+bb748438.1.x86_64.rpm	d745bb82e50f12d099f90aa5b5793f57459e63d0765f2969e366e6ac388b6147	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691