ELSA-2026-28973

ELSA-2026-28973 - nginx security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-06-29

Description


[2:1.20.1-28.0.1.el9_8.3]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]

[2:1.20.1-28.3]
- Resolves: RHEL-178684 - nginx: code execution and denial of
service (CVE-2026-9256)
- Resolves: RHEL-182553 - nginx: HTTP/2: Remote Denial of Service via
compression bomb and Slowloris-style attack

[2:1.20.1-28.2]
- Resolves: RHEL-176232 - nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[2:1.20.1-28.1]
- RHEL-159560 CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
- RHEL-159539 CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
- RHEL-159447 CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- RHEL-157888 CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files


Related CVEs


CVE-2026-9256

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) nginx-1.20.1-28.0.1.el9_8.3.src.rpm60f6fc03a5c1572ca6f45dce04188d33433d595f9f237eb93ee16fc0556ba175-ol9_aarch64_appstream
nginx-1.20.1-28.0.1.el9_8.3.src.rpm60f6fc03a5c1572ca6f45dce04188d33433d595f9f237eb93ee16fc0556ba175-ol9_aarch64_codeready_builder
nginx-1.20.1-28.0.1.el9_8.3.aarch64.rpm5288b7ec429a9b1f4e69f12fc777f1d39313d621adcb4418839eda6dff3a37fc-ol9_aarch64_appstream
nginx-all-modules-1.20.1-28.0.1.el9_8.3.noarch.rpm0317af3b3c765458c42026915e79d9b5d8ad6857021264a4f0beb79ca4cc0531-ol9_aarch64_appstream
nginx-core-1.20.1-28.0.1.el9_8.3.aarch64.rpmff532152729a6fa1cb69120cfdb9dfc78010919938dbff04d080e3822cfe9e01-ol9_aarch64_appstream
nginx-filesystem-1.20.1-28.0.1.el9_8.3.noarch.rpm7ed7d8e1155181edcdbafcc4ecb59a324b4c23673430b41a60c1846965b48214-ol9_aarch64_appstream
nginx-mod-devel-1.20.1-28.0.1.el9_8.3.aarch64.rpm0332c74a31e995e0a7b21b5faa467de5bf0731b2506f60e04973d52f3d2dd77c-ol9_aarch64_codeready_builder
nginx-mod-http-image-filter-1.20.1-28.0.1.el9_8.3.aarch64.rpm3f7dd168f53d422a48384066032847df8c8b621d77d98f6c3053a6bdebb75232-ol9_aarch64_appstream
nginx-mod-http-perl-1.20.1-28.0.1.el9_8.3.aarch64.rpm36efdd97fe925dbfabfb7d083d9bea9ffee11e035eb90c6be8312f008423e7b9-ol9_aarch64_appstream
nginx-mod-http-xslt-filter-1.20.1-28.0.1.el9_8.3.aarch64.rpm40ae474de7d83cf70de6e29fc6ded56e5f84f0942b6b6ec56115badf478588c2-ol9_aarch64_appstream
nginx-mod-mail-1.20.1-28.0.1.el9_8.3.aarch64.rpmb67b3692b94742df9b327222fee38de33f38e1a31794e7ff4b04376d535e6837-ol9_aarch64_appstream
nginx-mod-stream-1.20.1-28.0.1.el9_8.3.aarch64.rpmea8d9d92712cb4612ab59d3ee3526f8b123dc703a95867207cbd2b58f1ab5200-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) nginx-1.20.1-28.0.1.el9_8.3.src.rpm60f6fc03a5c1572ca6f45dce04188d33433d595f9f237eb93ee16fc0556ba175-ol9_x86_64_appstream
nginx-1.20.1-28.0.1.el9_8.3.src.rpm60f6fc03a5c1572ca6f45dce04188d33433d595f9f237eb93ee16fc0556ba175-ol9_x86_64_codeready_builder
nginx-1.20.1-28.0.1.el9_8.3.x86_64.rpma7523099299c4870132f0e2b809a19a7ccfaf52814f38a7c969af61919c03fc1-ol9_x86_64_appstream
nginx-all-modules-1.20.1-28.0.1.el9_8.3.noarch.rpm0317af3b3c765458c42026915e79d9b5d8ad6857021264a4f0beb79ca4cc0531-ol9_x86_64_appstream
nginx-core-1.20.1-28.0.1.el9_8.3.x86_64.rpm0e858cd976de231dcbba58bedc8e00ede3b221c396b0eebe4e399d4336ae01a0-ol9_x86_64_appstream
nginx-filesystem-1.20.1-28.0.1.el9_8.3.noarch.rpm7ed7d8e1155181edcdbafcc4ecb59a324b4c23673430b41a60c1846965b48214-ol9_x86_64_appstream
nginx-mod-devel-1.20.1-28.0.1.el9_8.3.x86_64.rpm907a52e69007adcedaeaa15d4954ba9e46ee1a0306c2ffc3460497bee58e0cb0-ol9_x86_64_codeready_builder
nginx-mod-http-image-filter-1.20.1-28.0.1.el9_8.3.x86_64.rpm1a2c0879e48e6ee428e12ffec501e4ab80b9b3848b5865c9cc717ae76b92dcc1-ol9_x86_64_appstream
nginx-mod-http-perl-1.20.1-28.0.1.el9_8.3.x86_64.rpm6b3d5ddc58c88fefc58a8b7272ecd89cb620acbb662987158a8731ce960eab5e-ol9_x86_64_appstream
nginx-mod-http-xslt-filter-1.20.1-28.0.1.el9_8.3.x86_64.rpmc69bba2f381263aba0df988296a1841c7a1da7d623215cb442a1bad3f0c0d880-ol9_x86_64_appstream
nginx-mod-mail-1.20.1-28.0.1.el9_8.3.x86_64.rpmb6e651376298edb7fe8ca3e5f1261e57fa87f8f402120118e2dfe426ab9517c1-ol9_x86_64_appstream
nginx-mod-stream-1.20.1-28.0.1.el9_8.3.x86_64.rpm0a83e9e2f3230259084608cbae0b34a57fbbcedb16224584924560fc76b8a20e-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete