ELSA-2026-7002

ULN >
Oracle Linux Errata repository >
ELSA-2026-7002

ELSA-2026-7002 - nginx security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-04-08

Description

[1.20.1-24.0.1.el9_7.2]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]

[2:1.20.1-24.2]
- Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159536 - CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
- Resolves: RHEL-159444 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-157885 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files

[2:1.20.1-24.1]
- Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle
attack on TLS proxied connections (CVE-2026-1642)

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	nginx-1.20.1-24.0.1.el9_7.2.src.rpm	489807033e47b80099952bfe83ac356ce061f353d14839f557b028bc91144954	-	ol9_aarch64_appstream
	nginx-1.20.1-24.0.1.el9_7.2.src.rpm	489807033e47b80099952bfe83ac356ce061f353d14839f557b028bc91144954	-	ol9_aarch64_codeready_builder
	nginx-1.20.1-24.0.1.el9_7.2.aarch64.rpm	d4724f1234364f02f8a10685fc777beaf8d74002f4dd09c0b9efc870ae5aabb6	-	ol9_aarch64_appstream
	nginx-all-modules-1.20.1-24.0.1.el9_7.2.noarch.rpm	0a718e125cb35ea767e297b66386ddd865f1ee38c6a7865f82e1c20a7d8109b8	-	ol9_aarch64_appstream
	nginx-core-1.20.1-24.0.1.el9_7.2.aarch64.rpm	293db6dcd79cc57773a3ec3fb065ad39081f12bb2abf5e2a053a8b36fe6621cf	-	ol9_aarch64_appstream
	nginx-filesystem-1.20.1-24.0.1.el9_7.2.noarch.rpm	b49cfce76f65ce8ba3447f1dd5ed548cbc6a5767bed277b55087f491d1ac8b95	-	ol9_aarch64_appstream
	nginx-mod-devel-1.20.1-24.0.1.el9_7.2.aarch64.rpm	fd238080ac4e84bdd98d340c17d06ea7a5f0503af3dc13c7d6c820a1b7915de0	-	ol9_aarch64_codeready_builder
	nginx-mod-http-image-filter-1.20.1-24.0.1.el9_7.2.aarch64.rpm	abe9348d42fbec625f7c7da5ca70c7f978ff381ff266afd18c15c6cc661249df	-	ol9_aarch64_appstream
	nginx-mod-http-perl-1.20.1-24.0.1.el9_7.2.aarch64.rpm	48b60943b11d25402d9d16c76d6a4f149dba0e3a6c69c5a8a29f988d696abece	-	ol9_aarch64_appstream
	nginx-mod-http-xslt-filter-1.20.1-24.0.1.el9_7.2.aarch64.rpm	64cfb3b87e0045aabe459e3abaf2c846cc947c23c6fe0bf6f45fc62e41f925ff	-	ol9_aarch64_appstream
	nginx-mod-mail-1.20.1-24.0.1.el9_7.2.aarch64.rpm	9e6ad51de2bc62beb6a84f44f76101c602a431e9fc629c084d05505a41a1605c	-	ol9_aarch64_appstream
	nginx-mod-stream-1.20.1-24.0.1.el9_7.2.aarch64.rpm	8effdcc86c5513b9c83712652ac8e9e30cb475e39077f626ead34ba512c9684f	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	nginx-1.20.1-24.0.1.el9_7.2.src.rpm	489807033e47b80099952bfe83ac356ce061f353d14839f557b028bc91144954	-	ol9_x86_64_appstream
	nginx-1.20.1-24.0.1.el9_7.2.src.rpm	489807033e47b80099952bfe83ac356ce061f353d14839f557b028bc91144954	-	ol9_x86_64_codeready_builder
	nginx-1.20.1-24.0.1.el9_7.2.x86_64.rpm	d6aa7de00b17c62fe15529a50aad3d8bc68c52155ce997d3ff9bfe2fc36d9ad0	-	ol9_x86_64_appstream
	nginx-all-modules-1.20.1-24.0.1.el9_7.2.noarch.rpm	0a718e125cb35ea767e297b66386ddd865f1ee38c6a7865f82e1c20a7d8109b8	-	ol9_x86_64_appstream
	nginx-core-1.20.1-24.0.1.el9_7.2.x86_64.rpm	15a6e6ee305f8d64af22b86dc60624fdecc9905643149a28ff576631b92d16b7	-	ol9_x86_64_appstream
	nginx-filesystem-1.20.1-24.0.1.el9_7.2.noarch.rpm	b49cfce76f65ce8ba3447f1dd5ed548cbc6a5767bed277b55087f491d1ac8b95	-	ol9_x86_64_appstream
	nginx-mod-devel-1.20.1-24.0.1.el9_7.2.x86_64.rpm	51c8b9efc3ed2078801545f88bfeeaada2026f3e8cd68ed737a44f5283c8a2c9	-	ol9_x86_64_codeready_builder
	nginx-mod-http-image-filter-1.20.1-24.0.1.el9_7.2.x86_64.rpm	b5d90e5ac2cd5e4616adb8763a98b398811ecec8f84447e62853689df1971ac1	-	ol9_x86_64_appstream
	nginx-mod-http-perl-1.20.1-24.0.1.el9_7.2.x86_64.rpm	459a257129f6d9b98a07fb5b432937e3fe68c513446bba616ac2aed8c55a0627	-	ol9_x86_64_appstream
	nginx-mod-http-xslt-filter-1.20.1-24.0.1.el9_7.2.x86_64.rpm	d35a819192d50536a8cdf5ebf3681766265dcd6008691ad451d2b7b6fd41f61e	-	ol9_x86_64_appstream
	nginx-mod-mail-1.20.1-24.0.1.el9_7.2.x86_64.rpm	bd024f27636f96be37bf08a5cdf89de78628e165f9ae6c54550f2ee7db5b3e66	-	ol9_x86_64_appstream
	nginx-mod-stream-1.20.1-24.0.1.el9_7.2.x86_64.rpm	6e4ba1cd7e1f9fcef6db282b445d189269c020832fddb8435807f4717d14f199	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691