ELSA-2026-6907

ULN >
Oracle Linux Errata repository >
ELSA-2026-6907

ELSA-2026-6907 - nginx:1.24 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-04-08

Description

[1.24.0-3.0.1]
- Remove Red Hat references [Orabug: 29498217]

[1:1.24.0-3]
- Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of
Service or Code Execution via specially crafted MP4 files
- Resolves: RHEL-159436 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of
Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-159549 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of
Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159528 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of
Service due to memory corruption via crafted MP4 file

[1:1.24.0-2]
- Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)

[1:1.24.0-1]
- Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10

[1:1.22.1-2]
- Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web
servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487)

[1:1.22.1-1]
- Resolves: #2112345 - nginx:1.22 for RHEL 8
- add stream_geoip_module and stream_realip_module
- remove obsolete --with-ipv6

[1:1.20.1-1]
- rebase to 1.20.1 (addressing CVE-2021-23017)

[1:1.20.0-4]
- add delaycompress to logrotate config (#2015243)

[1:1.20.0-3]
- Add -mod-devel subpackage for building external nginx modules (Neal Gompa)
Resolves: #1991787

[1:1.20.0-2]
- Resolves: #1991796 - build nginx with --with-compat

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	nginx-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.src.rpm	0c4c357c84b0e7056b273dd9ea8944b783e812ee960b932ff62be4ee89d79e56	-	ol8_aarch64_appstream
	nginx-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm	ba57c41c4c0b863d179cad776d0ba246730b8b6e53866de02a86972a5701da41	-	ol8_aarch64_appstream
	nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm	4543c1df55090a5f3bddd856c91b15f649aeddf32c0eedf80baeb56fc5e95938	-	ol8_aarch64_appstream
	nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm	563929c783a8ba18dc04aa1c55d38552c239153b57517b8d300ee83bb5629136	-	ol8_aarch64_appstream
	nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm	cbfe37c7df717a8ab071ddf402ca03bd023295a95932478ad1042a1b2583277a	-	ol8_aarch64_appstream
	nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm	fdf6014464319f8503f47a875acb0547acd6c1cbad0dfcd4641dfca09f069ced	-	ol8_aarch64_appstream
	nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm	b742449e04f3ece178024d4d9b64b131f97e02013c6029974701621ce1f6600d	-	ol8_aarch64_appstream
	nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm	1382457a4cb7e0c3975a4315b451549268d090670bb619387e992b974d696b48	-	ol8_aarch64_appstream
	nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm	a51071bf1068cf4aec49fb97bfef270dae1143a135a0a65fa1b38887ccfbdbc3	-	ol8_aarch64_appstream
	nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm	64e9d6772f8d0e26c3d141e3490dc178aa68e8124a33194247bdd2e6c298ed35	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	nginx-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.src.rpm	0c4c357c84b0e7056b273dd9ea8944b783e812ee960b932ff62be4ee89d79e56	-	ol8_x86_64_appstream
	nginx-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm	07549b5e00480616d1ef4abc10d18708dd0c51e70c1140b928d4bca11093c400	-	ol8_x86_64_appstream
	nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm	4543c1df55090a5f3bddd856c91b15f649aeddf32c0eedf80baeb56fc5e95938	-	ol8_x86_64_appstream
	nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm	563929c783a8ba18dc04aa1c55d38552c239153b57517b8d300ee83bb5629136	-	ol8_x86_64_appstream
	nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm	054e5b17c67d6412a1cfbffbc78da68b402b65fe71b8b3b4eb4b537d8eb3a30b	-	ol8_x86_64_appstream
	nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm	3ef959d24623f28de87c5fe5173fa8dd3a45d8470d7304c83f0a13cc75eddb6e	-	ol8_x86_64_appstream
	nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm	e5e7c36540f5c189502ed317afb1b04b3b9a6fda932e1357b1fbb20976a22af0	-	ol8_x86_64_appstream
	nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm	5955fc8ce080ffa5c53d759cb1146419d42c59a2ee95e8623937b7a66653fe4e	-	ol8_x86_64_appstream
	nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm	ad98265f92f04d571c4e43b2dc8b0078805895062a4413e9a81ae539fb79ccc1	-	ol8_x86_64_appstream
	nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm	2b123cd59519bb006fab94508609ac65cdcbac3c65f60948b81188c2c6e4811a	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691