Oracle alert ELSA-2026-7343 (nginx:1.26)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2026-7343 Important: Oracle Linux 9 nginx:1.26 security update | |
| Date: | Mon, 13 Apr 2026 21:55:29 -0700 | |
| Message-ID: | <mailman.32.1776339550.31.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2026-7343 http://linux.oracle.com/errata/ELSA-2026-7343.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nginx-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.x86_64.rpm nginx-all-modules-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.noarch.rpm nginx-core-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.x86_64.rpm nginx-filesystem-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.noarch.rpm nginx-mod-devel-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.x86_64.rpm nginx-mod-http-image-filter-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.x86_64.rpm nginx-mod-http-perl-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.x86_64.rpm nginx-mod-http-xslt-filter-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.x86_64.rpm nginx-mod-mail-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.x86_64.rpm nginx-mod-stream-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.x86_64.rpm aarch64: nginx-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.aarch64.rpm nginx-all-modules-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.noarch.rpm nginx-core-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.aarch64.rpm nginx-filesystem-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.noarch.rpm nginx-mod-devel-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.aarch64.rpm nginx-mod-http-image-filter-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.aarch64.rpm nginx-mod-http-perl-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.aarch64.rpm nginx-mod-http-xslt-filter-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.aarch64.rpm nginx-mod-mail-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.aarch64.rpm nginx-mod-stream-1.26.3-2.0.1.module+el9.7.0+90870+e191ebad.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/nginx-1.26.3-2.0.... Related CVEs: CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-32647 Description of changes: [2:1.26.3-2.0.1.1] - Require oracle-indexhtml [2:1.26.3-6] - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files [2:1.26.3-5] - Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled [2:1.26.3-4] - Resolves: RHEL-159538 - CVE-2026-27784 nginx:1.26/nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file [2:1.26.3-3] - Resolves: RHEL-159559 - CVE-2026-27654 nginx:1.26/nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module [2:1.26.3-2] - nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642) [2:1.26.3-1] - New version 1.26.3 [2:1.26.2-4] - Use systemd-sysusers [2:1.26.2-3] - Fix PKCS-11 support [2:1.26.2-2] - Adjust QE files _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata