ELSA-2026-28921

ULN >
Oracle Linux Errata repository >
ELSA-2026-28921

ELSA-2026-28921 - nginx:1.24 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-06-24

Description

[1.24.0-3.0.1.2]
- Remove Red Hat references [Orabug: 29498217]

[1:1.24.0-3.2]
- Resolves: RHEL-178676 - nginx:1.24/nginx: code execution and denial
of service (CVE-2026-9256)
- Resolves: RHEL-182543 - nginx: HTTP/2: Remote Denial of Service via
compression bomb and Slowloris-style attack

[1:1.24.0-3.1]
- Resolves: RHEL-176224 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[1:1.24.0-3]
- Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of
Service or Code Execution via specially crafted MP4 files
- Resolves: RHEL-159436 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of
Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-159549 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of
Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159528 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of
Service due to memory corruption via crafted MP4 file

[1:1.24.0-2]
- Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)

[1:1.24.0-1]
- Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10

[1:1.22.1-2]
- Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web
servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487)

[1:1.22.1-1]
- Resolves: #2112345 - nginx:1.22 for RHEL 8
- add stream_geoip_module and stream_realip_module
- remove obsolete --with-ipv6

[1:1.20.1-1]
- rebase to 1.20.1 (addressing CVE-2021-23017)

[1:1.20.0-4]
- add delaycompress to logrotate config (#2015243)

Related CVEs

CVE-2026-9256

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	nginx-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.src.rpm	68198de65109682cbc980df440bfb50fc9e5bcadf6a14182d21ebe7f1fc15cdd	-	ol8_aarch64_appstream
	nginx-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.aarch64.rpm	3b9590c1416944935e1cb05a26f7e1c7275f2ec088fd5bad5e53878b3808296a	-	ol8_aarch64_appstream
	nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.noarch.rpm	3b12893af2fab973c5be42e263c4b62adc93ba1432e8c4ae4d21964021c17ba6	-	ol8_aarch64_appstream
	nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.noarch.rpm	d04d7cfa21e1aba5e89ffb938eb705bffcd9300809aca0c8b34daed0f388efab	-	ol8_aarch64_appstream
	nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.aarch64.rpm	430162355db9b843a2d9dbf13d7da0d751646b9b748017cb68d20766f70cad89	-	ol8_aarch64_appstream
	nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.aarch64.rpm	2fea27c768a48f490079a3070279003c49ccd7d324367287934a191bfbfd0608	-	ol8_aarch64_appstream
	nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.aarch64.rpm	c982074a2eaf60bcb09fe249aef18b61de49be46bfbe789451b4c4470e784050	-	ol8_aarch64_appstream
	nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.aarch64.rpm	8b420cc4c10a54d464be51dbdcbd4ee96cca2ab983292b3e6fbeae3450157c18	-	ol8_aarch64_appstream
	nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.aarch64.rpm	68a8e8a5a07c4f7ffb5cc546e3ca59e8a1e080e30c669ac5edc517d41a57608f	-	ol8_aarch64_appstream
	nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.aarch64.rpm	d17038727a6245a38beea0850ce27edd58e6134a7d150e21cbc03edaaf423634	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	nginx-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.src.rpm	68198de65109682cbc980df440bfb50fc9e5bcadf6a14182d21ebe7f1fc15cdd	-	ol8_x86_64_appstream
	nginx-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.x86_64.rpm	c6e2be198833843c71949ee91ee88011c52a0ee7107aedde67df3fa7364e35f6	-	ol8_x86_64_appstream
	nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.noarch.rpm	3b12893af2fab973c5be42e263c4b62adc93ba1432e8c4ae4d21964021c17ba6	-	ol8_x86_64_appstream
	nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.noarch.rpm	d04d7cfa21e1aba5e89ffb938eb705bffcd9300809aca0c8b34daed0f388efab	-	ol8_x86_64_appstream
	nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.x86_64.rpm	6fce6ac5dbf5b46f81cdbafd6549b5f42a63d15922729e223f5f3353b056f44d	-	ol8_x86_64_appstream
	nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.x86_64.rpm	2907f5cd5c8fddc37f3c0dc7bd1268eb4e447c6f36ee818fca47aff40a2f2436	-	ol8_x86_64_appstream
	nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.x86_64.rpm	dbed124e00532ba5eb9a6501bb3ea0f9af9342ca6a21776bab9f473c5f3d2471	-	ol8_x86_64_appstream
	nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.x86_64.rpm	d6837a5f4532fc94aebee44431484cd41550b962fbf972be293b75389707b626	-	ol8_x86_64_appstream
	nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.x86_64.rpm	6142561d3312e96e48cd022fb0a80740f75d5aea6c0a0cb11d45f8e3595d6ebb	-	ol8_x86_64_appstream
	nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90930+6a64aa8a.2.x86_64.rpm	bafbf54057de6cbf7dcf26e791ec69227ca3cddf5b7cd41f31061a702a1f5b82	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691