ELSA-2026-19374

ULN >
Oracle Linux Errata repository >
ELSA-2026-19374

ELSA-2026-19374 - nginx security update

Type:	SECURITY
Impact:	CRITICAL
Release Date:	2026-06-23

Description

[1.20.1-28.0.1.el9_8.2]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]

[2:1.20.1-28.2]
- Resolves: RHEL-176232 - nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[2:1.20.1-28.1]
- RHEL-159560 CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
- RHEL-159539 CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
- RHEL-159447 CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- RHEL-157888 CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

Related CVEs

CVE-2026-42945

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	nginx-1.20.1-28.0.1.el9_8.2.src.rpm	c427a2ccb5f6056cda1e77b9656acdff5a75d196cc7e922a7500216fa5f4bbf1	-	ol9_aarch64_appstream
	nginx-1.20.1-28.0.1.el9_8.2.src.rpm	c427a2ccb5f6056cda1e77b9656acdff5a75d196cc7e922a7500216fa5f4bbf1	-	ol9_aarch64_codeready_builder
	nginx-1.20.1-28.0.1.el9_8.2.aarch64.rpm	b5415e2fd8fc4fb3c85178987dce1f9d1b3423cb1bf916888c85954c040a5873	-	ol9_aarch64_appstream
	nginx-all-modules-1.20.1-28.0.1.el9_8.2.noarch.rpm	d264fdba0fa0562678d71ac2e57754968da2cb69523cb008b92e5e834dbf0b12	-	ol9_aarch64_appstream
	nginx-core-1.20.1-28.0.1.el9_8.2.aarch64.rpm	6af4a42ef4b2228302e76808b25be9b888dc3afb378b9687242c7f7efbce6b08	-	ol9_aarch64_appstream
	nginx-filesystem-1.20.1-28.0.1.el9_8.2.noarch.rpm	cfd2eac7ee6976aa72213ac6410d5a9ae55d5923ff206e0b7be35c20df2d8a59	-	ol9_aarch64_appstream
	nginx-mod-devel-1.20.1-28.0.1.el9_8.2.aarch64.rpm	4c50ff8a3efe283d37d2c36d4b0453e636910a8e508a94481eae40164b7de018	-	ol9_aarch64_codeready_builder
	nginx-mod-http-image-filter-1.20.1-28.0.1.el9_8.2.aarch64.rpm	d0b85a607bfc946474dbb38a7e54fbccbc825e5295a0acdb12baf58dbd126b7b	-	ol9_aarch64_appstream
	nginx-mod-http-perl-1.20.1-28.0.1.el9_8.2.aarch64.rpm	626151cd07bdcab617de11660a0f421a29573cab8e70bb371f6480c293f658b8	-	ol9_aarch64_appstream
	nginx-mod-http-xslt-filter-1.20.1-28.0.1.el9_8.2.aarch64.rpm	186c38a53c4e150dc945aa48c9546f8c85637be31a1fa2e304a335ed0d37e388	-	ol9_aarch64_appstream
	nginx-mod-mail-1.20.1-28.0.1.el9_8.2.aarch64.rpm	df6d9314112810dabf20faa01b98bf1337e61d6f2882f795ed1a5fe74030b500	-	ol9_aarch64_appstream
	nginx-mod-stream-1.20.1-28.0.1.el9_8.2.aarch64.rpm	ef6b980b51f8e0beaeb9fe166a8158c55625f4c33e2c3b45da999275d16e4041	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	nginx-1.20.1-28.0.1.el9_8.2.src.rpm	c427a2ccb5f6056cda1e77b9656acdff5a75d196cc7e922a7500216fa5f4bbf1	-	ol9_x86_64_appstream
	nginx-1.20.1-28.0.1.el9_8.2.src.rpm	c427a2ccb5f6056cda1e77b9656acdff5a75d196cc7e922a7500216fa5f4bbf1	-	ol9_x86_64_codeready_builder
	nginx-1.20.1-28.0.1.el9_8.2.x86_64.rpm	dc550721c88a2ae11f81460dff6d1dd0e44c1ec6e718132b72af2ff864be5194	-	ol9_x86_64_appstream
	nginx-all-modules-1.20.1-28.0.1.el9_8.2.noarch.rpm	d264fdba0fa0562678d71ac2e57754968da2cb69523cb008b92e5e834dbf0b12	-	ol9_x86_64_appstream
	nginx-core-1.20.1-28.0.1.el9_8.2.x86_64.rpm	5fe227b93fbbbe9e928dbae1c706fc9bbd799afa1fd9d22b537cbf4f52ab4bf7	-	ol9_x86_64_appstream
	nginx-filesystem-1.20.1-28.0.1.el9_8.2.noarch.rpm	cfd2eac7ee6976aa72213ac6410d5a9ae55d5923ff206e0b7be35c20df2d8a59	-	ol9_x86_64_appstream
	nginx-mod-devel-1.20.1-28.0.1.el9_8.2.x86_64.rpm	2747ce677b8d3968ea1043b27ede6373c2348a326ac5753a8b20cb05b0ebe483	-	ol9_x86_64_codeready_builder
	nginx-mod-http-image-filter-1.20.1-28.0.1.el9_8.2.x86_64.rpm	351924c76e4348f2e4bc8ac219e13d1fe7ac797275d66eda9b34731110577787	-	ol9_x86_64_appstream
	nginx-mod-http-perl-1.20.1-28.0.1.el9_8.2.x86_64.rpm	f1b294fc1982c0817379a90da9e8e68a7e9fcd7d7aa8dd71d533f4011f0ffd5a	-	ol9_x86_64_appstream
	nginx-mod-http-xslt-filter-1.20.1-28.0.1.el9_8.2.x86_64.rpm	b05db6be43920df64e49c01827ae88d717bdb3c9b06a74eb118503c63fb0c8f7	-	ol9_x86_64_appstream
	nginx-mod-mail-1.20.1-28.0.1.el9_8.2.x86_64.rpm	8ae4d1f55cfbc9b331d072a347d04935ef8d33c487ce8a38459db053f03262c6	-	ol9_x86_64_appstream
	nginx-mod-stream-1.20.1-28.0.1.el9_8.2.x86_64.rpm	59185dd0c4e658d3fdd56bf9501fe199da0ce9e506e808891ead58b5e7d773b0	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691