ELSA-2026-4705

Опубликовано: 17 мар. 2026

Источник: oracle-oval

Платформа: Oracle Linux 10

Описание

ELSA-2026-4705: nginx security update (MODERATE)

[2:1.26.3-2.0.1]

Reference oracle-indexhtml within Requires [Orabug: 33802044]

[2:1.26.3-2]

CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

nginx

1.26.3-2.0.1.el10_1

nginx-all-modules

1.26.3-2.0.1.el10_1

nginx-core

1.26.3-2.0.1.el10_1

nginx-filesystem

1.26.3-2.0.1.el10_1

nginx-mod-devel

1.26.3-2.0.1.el10_1

nginx-mod-http-image-filter

1.26.3-2.0.1.el10_1

nginx-mod-http-perl

1.26.3-2.0.1.el10_1

nginx-mod-http-xslt-filter

1.26.3-2.0.1.el10_1

nginx-mod-mail

1.26.3-2.0.1.el10_1

nginx-mod-stream

1.26.3-2.0.1.el10_1

Oracle Linux x86_64

nginx

1.26.3-2.0.1.el10_1

nginx-all-modules

1.26.3-2.0.1.el10_1

nginx-core

1.26.3-2.0.1.el10_1

nginx-filesystem

1.26.3-2.0.1.el10_1

nginx-mod-devel

1.26.3-2.0.1.el10_1

nginx-mod-http-image-filter

1.26.3-2.0.1.el10_1

nginx-mod-http-perl

1.26.3-2.0.1.el10_1

nginx-mod-http-xslt-filter

1.26.3-2.0.1.el10_1

nginx-mod-mail

1.26.3-2.0.1.el10_1

nginx-mod-stream

1.26.3-2.0.1.el10_1

Связанные CVE

CVE-2026-1642

Ссылки на источники

Связанные уязвимости

CVE-2026-1642

CVSS3: 5.9

ubuntu

около 2 месяцев назад

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.