Описание
ELSA-2026-7002: nginx security update (IMPORTANT)
[1.20.1-24.0.1.el9_7.2]
- Reference oracle-indexhtml within Requires [Orabug: 33802044]
- Remove Red Hat references [Orabug: 29498217]
- Update upstream references [Orabug: 36579090]
[2:1.20.1-24.2]
- Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159536 - CVE-2026-27784 nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
- Resolves: RHEL-159444 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-157885 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files
[2:1.20.1-24.1]
- Resolves: RHEL-146525 - nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
nginx-mod-devel
1.20.1-24.0.1.el9_7.2
nginx
1.20.1-24.0.1.el9_7.2
nginx-all-modules
1.20.1-24.0.1.el9_7.2
nginx-core
1.20.1-24.0.1.el9_7.2
nginx-filesystem
1.20.1-24.0.1.el9_7.2
nginx-mod-http-image-filter
1.20.1-24.0.1.el9_7.2
nginx-mod-http-perl
1.20.1-24.0.1.el9_7.2
nginx-mod-http-xslt-filter
1.20.1-24.0.1.el9_7.2
nginx-mod-mail
1.20.1-24.0.1.el9_7.2
nginx-mod-stream
1.20.1-24.0.1.el9_7.2
Oracle Linux x86_64
nginx
1.20.1-24.0.1.el9_7.2
nginx-all-modules
1.20.1-24.0.1.el9_7.2
nginx-core
1.20.1-24.0.1.el9_7.2
nginx-filesystem
1.20.1-24.0.1.el9_7.2
nginx-mod-http-image-filter
1.20.1-24.0.1.el9_7.2
nginx-mod-http-perl
1.20.1-24.0.1.el9_7.2
nginx-mod-http-xslt-filter
1.20.1-24.0.1.el9_7.2
nginx-mod-mail
1.20.1-24.0.1.el9_7.2
nginx-mod-stream
1.20.1-24.0.1.el9_7.2
nginx-mod-devel
1.20.1-24.0.1.el9_7.2
