Описание
ELSA-2026-3638: nginx:1.24 security update (MODERATE)
[1.24.0-5.1.0.1]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
[1:1.24.0-5.1]
- Resolves: RHEL-146526 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)
[1:1.24.0-5]
- Resolves: RHEL-84480 - nginx:1.24/nginx: specially crafted MP4 file may cause denial of service (CVE-2024-7347)
[1:1.24.0-4]
- Resolves: RHEL-49350 - nginx worker processes memory leak
[1:1.24.0-3]
- Resolves: RHEL-40622 - openssl 3.2 ENGINE regression in nginx
[1:1.24.0-2]
- Resolves: RHEL-38498 - Nginx seg faults when proxy_ssl_certificate is set
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
Module nginx:1.24 is enabled
nginx
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-all-modules
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-core
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-filesystem
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-devel
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-http-image-filter
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-http-perl
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-http-xslt-filter
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-mail
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-stream
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
Oracle Linux x86_64
Module nginx:1.24 is enabled
nginx
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-all-modules
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-core
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-filesystem
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-devel
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-http-image-filter
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-http-perl
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-http-xslt-filter
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-mail
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
nginx-mod-stream
1.24.0-5.0.1.module+el9.7.0+90821+c4114bda.1
Связанные CVE
Связанные уязвимости
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to ...
