ELSA-2026-36618

ELSA-2026-36618 - nginx:1.24 security, bug fix, and enhancement update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-07-09

Description


[1.24.0-7.0.1.3]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]

[1:1.24.0-7.3]
- Resolves: RHEL-191773 - nginx: 'HTTP/2 bomb' nginx fix breaks module ABI
causing crashes
- Resolves: RHEL-188413 - nginx: NGINX: Arbitrary code execution or.
Denial of Service via heap-based buffer overflow with crafted HTTP/2
headers (CVE-2026-42055)

[1:1.24.0-7.2]
- Resolves: RHEL-178681 - nginx:1.24/nginx: code execution and denial
of service (CVE-2026-9256)
- Resolves: RHEL-182554 - nginx:1.24/nginx: HTTP/2: Remote Denial of
Service via compression bomb and Slowloris-style attack

[1:1.24.0-7.1]
- Resolves: RHEL-176234 - nginx:1.24/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[1:1.24.0-7]
- Resolves: RHEL-157889 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of
Service or Code Execution via specially crafted MP4 files
- Resolves: RHEL-159448 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of
Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-159561 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of
Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159540 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of
Service due to memory corruption via crafted MP4 file

[1:1.24.0-6]
- Resolves: RHEL-146529 - CVE-2026-1642 nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections

[1:1.24.0-5]
- Resolves: RHEL-84480 - nginx:1.24/nginx: specially crafted MP4 file may cause
denial of service (CVE-2024-7347)

[1:1.24.0-4]
- Resolves: RHEL-49350 - nginx worker processes memory leak


Related CVEs


CVE-2026-42055

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) nginx-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.src.rpmc3b95171dc7eb7ccecb93b3847104b37c8a87ddd66f96d877709cc82ca957a8d-ol9_aarch64_appstream
nginx-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.aarch64.rpm7d0c52687623b93f5bc0a612a65a6787921fa66ce5ce2900717af74c5d1038fb-ol9_aarch64_appstream
nginx-all-modules-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.noarch.rpm73a2bd51c2fe19eeaf59d9955497d18fa04b931c6f37d130175ccf62ce1b9790-ol9_aarch64_appstream
nginx-core-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.aarch64.rpmc1e9bc958884d152174a8d56051a801d6065a8d91136f85c7c3c653df0949d0d-ol9_aarch64_appstream
nginx-filesystem-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.noarch.rpmef804ed1ca70e913fc3aa560a58f2b2283cdb47d881fdfe41100b1dcfe3d929b-ol9_aarch64_appstream
nginx-mod-devel-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.aarch64.rpm88fdd9a6b3b524b091ae5cbe0652f0d24c1cfcafa7714207cc2a0555195aa7be-ol9_aarch64_appstream
nginx-mod-http-image-filter-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.aarch64.rpm65550baf38a58c4434a6d6fe4a258ae46a69c61b990706f26c9ff001861a67e7-ol9_aarch64_appstream
nginx-mod-http-perl-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.aarch64.rpm196260794f00e5debb8e516993a4950845b5bad21b48e85c78aca6aa56efe3ce-ol9_aarch64_appstream
nginx-mod-http-xslt-filter-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.aarch64.rpmf3025c9a567b75551b1ee8373bd5c6113a316a668b0b262fa78ca32f154967df-ol9_aarch64_appstream
nginx-mod-mail-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.aarch64.rpm51ded7e92a2757e8f1b2eef88c41a2bb789d212548656d69f21257e385a7b9f5-ol9_aarch64_appstream
nginx-mod-stream-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.aarch64.rpm07e8e3903235280217bbe1779909a849f0aee14d1760d863b642a05fa03e7948-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) nginx-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.src.rpmc3b95171dc7eb7ccecb93b3847104b37c8a87ddd66f96d877709cc82ca957a8d-ol9_x86_64_appstream
nginx-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.x86_64.rpmec7f797d5f737a30ff1b1c5ac58dff2ad77759cb67fc983207767e7e6cb5a6ce-ol9_x86_64_appstream
nginx-all-modules-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.noarch.rpm73a2bd51c2fe19eeaf59d9955497d18fa04b931c6f37d130175ccf62ce1b9790-ol9_x86_64_appstream
nginx-core-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.x86_64.rpm7da2800e9943a49cf2e0650a20b156ddfe7442f4a21ce05f12e823f4a25efc3b-ol9_x86_64_appstream
nginx-filesystem-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.noarch.rpmef804ed1ca70e913fc3aa560a58f2b2283cdb47d881fdfe41100b1dcfe3d929b-ol9_x86_64_appstream
nginx-mod-devel-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.x86_64.rpm0b5232c9fd5ba26f06c161595119597b105ee3e690c749b46d19453c905e3e22-ol9_x86_64_appstream
nginx-mod-http-image-filter-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.x86_64.rpm46e20afca8915baa3e124996306bf4e936beb565eac16b60f539a18677f4ac1c-ol9_x86_64_appstream
nginx-mod-http-perl-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.x86_64.rpm4e36ee26e9f55cf597ef8677fb7cb83d37abe4d2cf643d89be6600502c6becbe-ol9_x86_64_appstream
nginx-mod-http-xslt-filter-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.x86_64.rpm0a7300689d2f24a52a971855dbb42ccf3ac7f5eb3862158f07595b79089e15f0-ol9_x86_64_appstream
nginx-mod-mail-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.x86_64.rpm87a745742acde4a8f313beab17827425e5d81efa3ef4f6e2cbacac88f706d3c4-ol9_x86_64_appstream
nginx-mod-stream-1.24.0-7.0.1.module+el9.8.0+90951+a848b39d.3.x86_64.rpmb418c6510d9db3c1f0b74b8a05b3781688dab414fd4289df06930a7dacf11906-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete