ELSA-2026-19372

ULN >
Oracle Linux Errata repository >
ELSA-2026-19372

ELSA-2026-19372 - nginx:1.26 security update

Type:	SECURITY
Impact:	CRITICAL
Release Date:	2026-06-24

Description

[1.26.3-9.0.1]
- Require oracle-indexhtml

[2:1.26.3-9]
- Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[2:1.26.3-8]
- CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code
Execution via specially crafted MP4 files

[2:1.26.3-7]
- CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclosed
requests when ngx_mail_auth_http_module is enabled

[2:1.26.3-6]
- CVE-2026-27784 nginx:1.26/nginx: NGINX: Denial of Service due to memory
corruption via crafted MP4 file

[2:1.26.3-5]
- CVE-2026-27654 nginx:1.26/nginx: NGINX: Denial of Service or file
modification via buffer overflow in ngx_http_dav_module

[2:1.26.3-4]
- CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack
on TLS proxied connections

[2:1.26.3-3]
- Resolves: RHEL-144454 - Clarify binding behavior of -t option

[2:1.26.3-2]
- Add tmpfiles.d rules for /var directories (bootc compatibility)

[2:1.26.3-1]
- New version 1.26.3

Related CVEs

CVE-2026-42945

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	nginx-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.src.rpm	9c34079e57c5e8401f15963a3637efa1702f8f12ee0608486af2e431a8a88a8d	-	ol9_aarch64_appstream
	nginx-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm	f52a856ca1f578f9379e87d7ae2a5f141af8be72c45c8fb5c7a8d5ca85e25db0	-	ol9_aarch64_appstream
	nginx-all-modules-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.noarch.rpm	32fe4614a6f81eefc5c7ddf0c0dc3f91fd371d5b114768b9f7cdea9c52617f1e	-	ol9_aarch64_appstream
	nginx-core-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm	9c2d08f4670c8eda95fdf4c1cb3bd299a1294484916d873be15b858cd8640271	-	ol9_aarch64_appstream
	nginx-filesystem-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.noarch.rpm	2c0bcb74ff21ec91a5c9ae6d03f7db0265d309331f4b703844367c44644f5b48	-	ol9_aarch64_appstream
	nginx-mod-devel-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm	b82a0c0e69103636c76ad5164179c4eee733fbdc4c24f4d793c0d7368a382ce7	-	ol9_aarch64_appstream
	nginx-mod-http-image-filter-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm	4f914b2b2f5ace2f2184e4cde577407db01678d55590306bf9559521ad03e405	-	ol9_aarch64_appstream
	nginx-mod-http-perl-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm	e7098914a667c4c21d87c2db4659b134fda456c5a17b3db287698d2af9c864f6	-	ol9_aarch64_appstream
	nginx-mod-http-xslt-filter-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm	0877b73e039e022b6995583b5275128bf19bb76c29661eaf70877edd01c46ea8	-	ol9_aarch64_appstream
	nginx-mod-mail-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm	41cf408e8126629e72c4008d3d720b55ad6f657753dcd925ff358f1b19073d24	-	ol9_aarch64_appstream
	nginx-mod-stream-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.aarch64.rpm	8af9d42118a1d91036fc9c35b065d815764465a76d728576a8062d9dfa63baf7	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	nginx-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.src.rpm	9c34079e57c5e8401f15963a3637efa1702f8f12ee0608486af2e431a8a88a8d	-	ol9_x86_64_appstream
	nginx-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm	d0434d53adf968137c4451f74592b1a7a729f303c1efc4c48f1b303185e26001	-	ol9_x86_64_appstream
	nginx-all-modules-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.noarch.rpm	32fe4614a6f81eefc5c7ddf0c0dc3f91fd371d5b114768b9f7cdea9c52617f1e	-	ol9_x86_64_appstream
	nginx-core-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm	2b01643748b53d45017d0f0ea7ccba0dcdd18797319fb50193806f977983c0e2	-	ol9_x86_64_appstream
	nginx-filesystem-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.noarch.rpm	2c0bcb74ff21ec91a5c9ae6d03f7db0265d309331f4b703844367c44644f5b48	-	ol9_x86_64_appstream
	nginx-mod-devel-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm	54dbedb8a6552f95db100b5a8efa5a91ae21d5487c646b20939950952c7cb310	-	ol9_x86_64_appstream
	nginx-mod-http-image-filter-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm	836e538266fb6758f0b37dc267a0b4970d15f2e3628db20e0fb27f639af8fe4a	-	ol9_x86_64_appstream
	nginx-mod-http-perl-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm	1016265ff3a1099122c493009dc3e6e40073619e9f00efa383d02da05f18a722	-	ol9_x86_64_appstream
	nginx-mod-http-xslt-filter-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm	d1e94a82216c46c17c59d27129884c4d24c4472afb75beaa14083b401b1d9b76	-	ol9_x86_64_appstream
	nginx-mod-mail-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm	a350be3e79d89dafbdfcd9f2f884c73fdf4685f4d955768790a90d62c37ac910	-	ol9_x86_64_appstream
	nginx-mod-stream-1.26.3-9.0.1.module+el9.8.0+90902+e2e6d896.x86_64.rpm	4c6652410ad64f766e807d6138d6b99c1e497db220938292a70a936d6efe46e1	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691