ELSA-2026-6923

ULN >
Oracle Linux Errata repository >
ELSA-2026-6923

ELSA-2026-6923 - nginx:1.24 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-04-08

Description

[1.24.0-5.2.0.1]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]

[1:1.24.0-5.2]
- Resolves: RHEL-157886 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of
Service or Code Execution via specially crafted MP4 files
- Resolves: RHEL-159445 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of
Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-159558 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of
Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159537 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of
Service due to memory corruption via crafted MP4 file

[1:1.24.0-5.1]
- Resolves: RHEL-146526 - nginx:1.24/nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)

[1:1.24.0-5]
- Resolves: RHEL-84480 - nginx:1.24/nginx: specially crafted MP4 file may cause
denial of service (CVE-2024-7347)

[1:1.24.0-4]
- Resolves: RHEL-49350 - nginx worker processes memory leak

[1:1.24.0-3]
- Resolves: RHEL-40622 - openssl 3.2 ENGINE regression in nginx

[1:1.24.0-2]
- Resolves: RHEL-38498 - Nginx seg faults when proxy_ssl_certificate is set

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	nginx-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.src.rpm	6b9c0adb01159fd5fd54f84f4e3f72501aa486cd67d21c3ef34141f2453ef53c	-	ol9_aarch64_appstream
	nginx-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.aarch64.rpm	96ac81b5d18eb620d16a71c34880aec1e77caf8010e41d654efff1c4ad8096fc	-	ol9_aarch64_appstream
	nginx-all-modules-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.noarch.rpm	2e13d405d94562db85f867b15e5291dbe1b6723b485c9506b31d0f7fc17d7bd7	-	ol9_aarch64_appstream
	nginx-core-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.aarch64.rpm	f2428d62500eaf933227453639bc1438c35392543c07f758e86475a4ab0bc293	-	ol9_aarch64_appstream
	nginx-filesystem-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.noarch.rpm	c1afd5c0ad5ce3d6cc603f91b39c268230574c5d53f0b69dc10c79fb74f1268d	-	ol9_aarch64_appstream
	nginx-mod-devel-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.aarch64.rpm	6f5791df9fd19824c26194da0ce345c838e0b82a8f0834ba0ababf3e5f0ffb4a	-	ol9_aarch64_appstream
	nginx-mod-http-image-filter-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.aarch64.rpm	4103070a932eacbb5d2e58a378537e44da4dff64b30b32f2ff9d3d3960239372	-	ol9_aarch64_appstream
	nginx-mod-http-perl-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.aarch64.rpm	353f17c86dd21f027b07a3eb434a13a57dee855de4e95800abb546f0ec27e6b3	-	ol9_aarch64_appstream
	nginx-mod-http-xslt-filter-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.aarch64.rpm	911dd0004a039fb860091386b59fea1cb5a197148ca5b026a1d3317062ba1f75	-	ol9_aarch64_appstream
	nginx-mod-mail-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.aarch64.rpm	c5f70d63c59f5e7479a93f10d9ad9e30d21dc8693466f3866e873d6ffcbefd02	-	ol9_aarch64_appstream
	nginx-mod-stream-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.aarch64.rpm	ab7f1db67342c423a5a195d404eb86ee2f30e1f144f3f7e778154714f267134f	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	nginx-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.src.rpm	6b9c0adb01159fd5fd54f84f4e3f72501aa486cd67d21c3ef34141f2453ef53c	-	ol9_x86_64_appstream
	nginx-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.x86_64.rpm	630cfe0db49c5d483ba55a8106ca9e47f8663a4682b0b6f0833a6f8bef1955b9	-	ol9_x86_64_appstream
	nginx-all-modules-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.noarch.rpm	2e13d405d94562db85f867b15e5291dbe1b6723b485c9506b31d0f7fc17d7bd7	-	ol9_x86_64_appstream
	nginx-core-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.x86_64.rpm	58f1140e84609e7a9db1f6250d3ef78e92c12d6d9668d4c82a3b60b52c14ba6d	-	ol9_x86_64_appstream
	nginx-filesystem-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.noarch.rpm	c1afd5c0ad5ce3d6cc603f91b39c268230574c5d53f0b69dc10c79fb74f1268d	-	ol9_x86_64_appstream
	nginx-mod-devel-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.x86_64.rpm	adb9a94e6fc1c60fe766d475c787269ced9068ea320d5bbea0f628db6e451a59	-	ol9_x86_64_appstream
	nginx-mod-http-image-filter-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.x86_64.rpm	a593202aab962fb3fdca5d6899448801c98990e9f2357bb4fef23fb0d9db5e33	-	ol9_x86_64_appstream
	nginx-mod-http-perl-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.x86_64.rpm	bd1465e3e018c9e0ecdea27f9fff7653240e06edd26531310799f466cf601bb7	-	ol9_x86_64_appstream
	nginx-mod-http-xslt-filter-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.x86_64.rpm	1dbb406ecdb2a9346845cc9db12e9ed868384d9319e239723e614ac3be3be3cf	-	ol9_x86_64_appstream
	nginx-mod-mail-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.x86_64.rpm	bb3d2b4b3da856140f4dce30c4e2f3371b251304457a31d450ef6de7dbf39b4c	-	ol9_x86_64_appstream
	nginx-mod-stream-1.24.0-5.0.1.module+el9.7.0+90864+a04e5d5f.2.x86_64.rpm	8586ae5af4d2b63a192bd0296319837d2bad5b2c96c7d5880a8f92167c3bd5cf	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691