ELSA-2026-36639

ELSA-2026-36639 - nginx:1.26 security, bug fix, and enhancement update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-07-09

Description


[1.26.3-9.0.1.2]
- Require oracle-indexhtml

[2:1.26.3-12]
- Resolves: RHEL-191774 - nginx: 'HTTP/2 bomb' nginx fix breaks module ABI
causing crashes

[2:1.26.3-11]
- nginx:1.26/nginx: HTTP/2: Remote Denial of Service via compression bomb
and Slowloris-style attack

[2:1.26.3-10]
- nginx: code execution and denial of service (CVE-2026-9256)

[2:1.26.3-9]
- Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution
Vulnerability (CVE-2026-42945)

[2:1.26.3-8]
- CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code
Execution via specially crafted MP4 files

[2:1.26.3-7]
- CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclosed
requests when ngx_mail_auth_http_module is enabled

[2:1.26.3-6]
- CVE-2026-27784 nginx:1.26/nginx: NGINX: Denial of Service due to memory
corruption via crafted MP4 file

[2:1.26.3-5]
- CVE-2026-27654 nginx:1.26/nginx: NGINX: Denial of Service or file
modification via buffer overflow in ngx_http_dav_module

[2:1.26.3-4]
- CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack
on TLS proxied connections


Related CVEs


CVE-2026-42055

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) nginx-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.src.rpm797522a90970fbb49743d43b65c92a9cc19a28f530d2c449351a212e29872d10-ol9_aarch64_appstream
nginx-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.aarch64.rpm6b4175a59bdb0fb65d7d4aefdda9aac80084c0e98a41e128b95416f1f76d3596-ol9_aarch64_appstream
nginx-all-modules-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.noarch.rpm8ec3f2d2fb22baacc2fd774ec647e9cac9b826eb313f4db6c06869fae4d08a6a-ol9_aarch64_appstream
nginx-core-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.aarch64.rpm5765ae96cd58e0c94d579c6c4ded5f0fabc8f8e4fd7535bd4c8cdf295b89f8c9-ol9_aarch64_appstream
nginx-filesystem-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.noarch.rpm84368a917389d4cf9ff10c3b8b74dad49441eb8b009765b016a0a8c06af1b33b-ol9_aarch64_appstream
nginx-mod-devel-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.aarch64.rpma8793bcacb911c09e22d9ab6783de1e02a2c47b1da5420c5223c6da003eadc0e-ol9_aarch64_appstream
nginx-mod-http-image-filter-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.aarch64.rpm48b6c687a1c25c3c94d2b73bd812e1956c40553a2e21f6fddddac2b2f1dfae72-ol9_aarch64_appstream
nginx-mod-http-perl-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.aarch64.rpme41ed199481f04f0db678c3ffbab3d94295a7e9aac2ccbf39d8d87c52e4d3738-ol9_aarch64_appstream
nginx-mod-http-xslt-filter-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.aarch64.rpm15e8e885fb8ededaac46a929c48cfefb7c5f64a0281383df7cdafd68a7ee5d93-ol9_aarch64_appstream
nginx-mod-mail-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.aarch64.rpmba423de1a521a5b1ad26aa27e3d4a2e0fa1e10cf606041867fc6185b2d08be2c-ol9_aarch64_appstream
nginx-mod-stream-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.aarch64.rpm4f7333426b821b812cd3dfc890a29fda38baba5c1acb1eb59ea2fc6b96aaa976-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) nginx-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.src.rpm797522a90970fbb49743d43b65c92a9cc19a28f530d2c449351a212e29872d10-ol9_x86_64_appstream
nginx-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.x86_64.rpm9038f17d00759d530216017315ca19d2edd1697a258a235c074d3a5d667cef6b-ol9_x86_64_appstream
nginx-all-modules-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.noarch.rpm8ec3f2d2fb22baacc2fd774ec647e9cac9b826eb313f4db6c06869fae4d08a6a-ol9_x86_64_appstream
nginx-core-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.x86_64.rpm9b485b406204935d0f1315e5e63fb6243a113fdf45b433b7b2c230fdc79eb138-ol9_x86_64_appstream
nginx-filesystem-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.noarch.rpm84368a917389d4cf9ff10c3b8b74dad49441eb8b009765b016a0a8c06af1b33b-ol9_x86_64_appstream
nginx-mod-devel-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.x86_64.rpme4675f6cd669215294d1bde2019fa8f1f04925def522ad787ee79c936c2206b9-ol9_x86_64_appstream
nginx-mod-http-image-filter-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.x86_64.rpm5859bba197b947ea0e1ae402089285b2efd9bfe06cda76d1e4de25d850d9b17e-ol9_x86_64_appstream
nginx-mod-http-perl-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.x86_64.rpm5d4481b20cd77de1e0cd571c544931d7bfcd7b507aa8c7aa3372ead9408c3509-ol9_x86_64_appstream
nginx-mod-http-xslt-filter-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.x86_64.rpm9b301632066019bb6bc2262d8964e62bcbc597d91b16b23ae1d128a40637c00a-ol9_x86_64_appstream
nginx-mod-mail-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.x86_64.rpma3e8ce02576b98bcaf5ef6e1c72379b9df022f93b73c180936f9736d4ec3298c-ol9_x86_64_appstream
nginx-mod-stream-1.26.3-9.0.1.module+el9.8.0+90950+a1e882cd.2.x86_64.rpm8bfc3c039df86563ebea2f3f5407db99af36e8e8ba4aade6ca19f3b9805e0072-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete