ELSA-2026-6906

ULN >
Oracle Linux Errata repository >
ELSA-2026-6906

ELSA-2026-6906 - nginx security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-04-07

Description

[2:1.26.3-2.0.1.1]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]

[2:1.26.3-6]
- Resolves: RHEL-157874 CVE-2026-32647 nginx: NGINX: Denial of Service or
Code Execution via specially crafted MP4 files

[2:1.26.3-5]
- Resolves: RHEL-159433 CVE-2026-27651 nginx: NGINX: Denial of Service via
undisclosed requests when ngx_mail_auth_http_module is enabled

[2:1.26.3-4]
- Resolves: RHEL-159525 CVE-2026-27784 nginx: NGINX: Denial of Service due
to memory corruption via crafted MP4 file

[2:1.26.3-3]
- Resolves: RHEL-159546 CVE-2026-27654 nginx: NGINX: Denial of Service or
file modification via buffer overflow in ngx_http_dav_module

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	nginx-1.26.3-2.0.1.el10_1.1.src.rpm	01b90d1c7dc4d640a9a2b6ceb5fe67dfccefc95d366731ccd0ffdfda5407a5fe	-	ol10_aarch64_appstream
	nginx-1.26.3-2.0.1.el10_1.1.src.rpm	01b90d1c7dc4d640a9a2b6ceb5fe67dfccefc95d366731ccd0ffdfda5407a5fe	-	ol10_aarch64_codeready_builder
	nginx-1.26.3-2.0.1.el10_1.1.aarch64.rpm	51614078fe0b6d774738020fb51b3ec3cfa9db1df20b850eb2f0de9ae1df050e	-	ol10_aarch64_appstream
	nginx-all-modules-1.26.3-2.0.1.el10_1.1.noarch.rpm	945428279ad6b111c6c606719ceeea1b0819cf297fd03186a585d7e8614faed8	-	ol10_aarch64_appstream
	nginx-core-1.26.3-2.0.1.el10_1.1.aarch64.rpm	adf93808622ff68f4e6b52d92df9b3321f79e237b8d6cf4139a4cd795c7741ee	-	ol10_aarch64_appstream
	nginx-filesystem-1.26.3-2.0.1.el10_1.1.noarch.rpm	4d582605dc1c78f2902c6ea6cf39db80e28a1635af86b2f560b0f03f1a65c7f8	-	ol10_aarch64_appstream
	nginx-mod-devel-1.26.3-2.0.1.el10_1.1.aarch64.rpm	25020642cf8da70b349270ec58fe84c6b59c8e144f36aa4e408eb3fe45d4a153	-	ol10_aarch64_codeready_builder
	nginx-mod-http-image-filter-1.26.3-2.0.1.el10_1.1.aarch64.rpm	429f3703c58cc3a7c6b87014e4fda14d358fed530dfef01358c0b358379e98b5	-	ol10_aarch64_appstream
	nginx-mod-http-perl-1.26.3-2.0.1.el10_1.1.aarch64.rpm	c96daf04a2316be6f142d268f072af1ce206dcf636461dd1d8702167fa66a495	-	ol10_aarch64_appstream
	nginx-mod-http-xslt-filter-1.26.3-2.0.1.el10_1.1.aarch64.rpm	215eac435e6c3816030db306715e655f02ebb0a4b57c1f737c268d339b32f8b8	-	ol10_aarch64_appstream
	nginx-mod-mail-1.26.3-2.0.1.el10_1.1.aarch64.rpm	6ccfd74307ad7110c06ce69c7794b1103b07ce1be6081acfd1265cc147f0604a	-	ol10_aarch64_appstream
	nginx-mod-stream-1.26.3-2.0.1.el10_1.1.aarch64.rpm	fd2e092fc94d67f9558f0dc3de6999df8ee859858a8cae5db61331bde5fe65f2	-	ol10_aarch64_appstream

Oracle Linux 10 (x86_64)	nginx-1.26.3-2.0.1.el10_1.1.src.rpm	01b90d1c7dc4d640a9a2b6ceb5fe67dfccefc95d366731ccd0ffdfda5407a5fe	-	ol10_x86_64_appstream
	nginx-1.26.3-2.0.1.el10_1.1.src.rpm	01b90d1c7dc4d640a9a2b6ceb5fe67dfccefc95d366731ccd0ffdfda5407a5fe	-	ol10_x86_64_codeready_builder
	nginx-1.26.3-2.0.1.el10_1.1.x86_64.rpm	1fc1dbd856a511ac320d15fc7294c09aeb8fa405256acc0dda1a078d3d1e9ff8	-	ol10_x86_64_appstream
	nginx-all-modules-1.26.3-2.0.1.el10_1.1.noarch.rpm	945428279ad6b111c6c606719ceeea1b0819cf297fd03186a585d7e8614faed8	-	ol10_x86_64_appstream
	nginx-core-1.26.3-2.0.1.el10_1.1.x86_64.rpm	c4e9727faaeee577732cd5bbc95c17e398677a3214d24d9eaf1ba122751cb240	-	ol10_x86_64_appstream
	nginx-filesystem-1.26.3-2.0.1.el10_1.1.noarch.rpm	4d582605dc1c78f2902c6ea6cf39db80e28a1635af86b2f560b0f03f1a65c7f8	-	ol10_x86_64_appstream
	nginx-mod-devel-1.26.3-2.0.1.el10_1.1.x86_64.rpm	eb4177c6a924152365f126864d9e993af25118dd21efc3d7f8e4fb6e756f3fcd	-	ol10_x86_64_codeready_builder
	nginx-mod-http-image-filter-1.26.3-2.0.1.el10_1.1.x86_64.rpm	7eed1ed82811e68d13d6cb9cd8758bfc06a513d65c96f3d13680d84c90422f05	-	ol10_x86_64_appstream
	nginx-mod-http-perl-1.26.3-2.0.1.el10_1.1.x86_64.rpm	f15d6f9659981c1740307f01b71e0c1c4a485f1a236aadb48300266c0e7bb465	-	ol10_x86_64_appstream
	nginx-mod-http-xslt-filter-1.26.3-2.0.1.el10_1.1.x86_64.rpm	4de397282ac1b67d19eb54cdd9b2d0936a274686543d10ceeb27effe7180d660	-	ol10_x86_64_appstream
	nginx-mod-mail-1.26.3-2.0.1.el10_1.1.x86_64.rpm	e4296704c1e665185b8467ccaf957ca0906413d1a6768639f70706ad4def7df5	-	ol10_x86_64_appstream
	nginx-mod-stream-1.26.3-2.0.1.el10_1.1.x86_64.rpm	999b86fef9222d1ac92ba06560cbcfc41fa317660326372ac1c7ad9724dabf57	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691