Oracle alert ELSA-2026-6907 (nginx:1.24)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2026-6907 Important: Oracle Linux 8 nginx:1.24 security update | |
| Date: | Mon, 13 Apr 2026 21:54:42 -0700 | |
| Message-ID: | <mailman.10.1776338906.31.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2026-6907 http://linux.oracle.com/errata/ELSA-2026-6907.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nginx-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm aarch64: nginx-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/nginx-1.24.0-3.0.... Related CVEs: CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-32647 Description of changes: [1.24.0-3.0.1] - Remove Red Hat references [Orabug: 29498217] [1:1.24.0-3] - Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves: RHEL-159436 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled - Resolves: RHEL-159549 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module - Resolves: RHEL-159528 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file [1:1.24.0-2] - Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642) [1:1.24.0-1] - Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10 [1:1.22.1-2] - Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487) [1:1.22.1-1] - Resolves: #2112345 - nginx:1.22 for RHEL 8 - add stream_geoip_module and stream_realip_module - remove obsolete --with-ipv6 [1:1.20.1-1] - rebase to 1.20.1 (addressing CVE-2021-23017) [1:1.20.0-4] - add delaycompress to logrotate config (#2015243) [1:1.20.0-3] - Add -mod-devel subpackage for building external nginx modules (Neal Gompa) Resolves: #1991787 [1:1.20.0-2] - Resolves: #1991796 - build nginx with --with-compat _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata