Описание
ELSA-2026-5599: nginx security update (MODERATE)
[1.20.1-24.0.1.el9_7.1]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]
[2:1.20.1-24.1]
- Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)
[2:1.20.1-24]
- Resolves: RHEL-84477 - nginx: specially crafted MP4 file may cause denial of service (CVE-2024-7347)
- Resolves: RHEL-85556 - nginx: Memory disclosure in the ngx_http_mp4_module (CVE-2022-41742)
- Resolves: RHEL-91446 - nginx: Memory corruption in the ngx_http_mp4_module (CVE-2022-41741)
[2:1.20.1-23]
- Resolves: RHEL-6786 - SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER at nginx with reverse-proxy
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
nginx-mod-devel
1.20.1-24.0.1.el9_7.1
nginx
1.20.1-24.0.1.el9_7.1
nginx-all-modules
1.20.1-24.0.1.el9_7.1
nginx-core
1.20.1-24.0.1.el9_7.1
nginx-filesystem
1.20.1-24.0.1.el9_7.1
nginx-mod-http-image-filter
1.20.1-24.0.1.el9_7.1
nginx-mod-http-perl
1.20.1-24.0.1.el9_7.1
nginx-mod-http-xslt-filter
1.20.1-24.0.1.el9_7.1
nginx-mod-mail
1.20.1-24.0.1.el9_7.1
nginx-mod-stream
1.20.1-24.0.1.el9_7.1
Oracle Linux x86_64
nginx
1.20.1-24.0.1.el9_7.1
nginx-all-modules
1.20.1-24.0.1.el9_7.1
nginx-core
1.20.1-24.0.1.el9_7.1
nginx-filesystem
1.20.1-24.0.1.el9_7.1
nginx-mod-http-image-filter
1.20.1-24.0.1.el9_7.1
nginx-mod-http-perl
1.20.1-24.0.1.el9_7.1
nginx-mod-http-xslt-filter
1.20.1-24.0.1.el9_7.1
nginx-mod-mail
1.20.1-24.0.1.el9_7.1
nginx-mod-stream
1.20.1-24.0.1.el9_7.1
nginx-mod-devel
1.20.1-24.0.1.el9_7.1
Связанные CVE
Связанные уязвимости
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to ...
