[El-errata] ELSA-2026-6907 Important: Oracle Linux 8 nginx:1.24 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Apr 14 04:54:42 UTC 2026
Oracle Linux Security Advisory ELSA-2026-6907
http://linux.oracle.com/errata/ELSA-2026-6907.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
nginx-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm
nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm
nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm
nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm
nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm
nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm
nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm
nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm
nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.x86_64.rpm
aarch64:
nginx-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm
nginx-all-modules-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm
nginx-filesystem-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.noarch.rpm
nginx-mod-devel-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm
nginx-mod-http-image-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm
nginx-mod-http-perl-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm
nginx-mod-http-xslt-filter-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm
nginx-mod-mail-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm
nginx-mod-stream-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nginx-1.24.0-3.0.1.module+el8.10.0+90862+391b69ae.src.rpm
Related CVEs:
CVE-2026-27651
CVE-2026-27654
CVE-2026-27784
CVE-2026-32647
Description of changes:
[1.24.0-3.0.1]
- Remove Red Hat references [Orabug: 29498217]
[1:1.24.0-3]
- Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of
Service or Code Execution via specially crafted MP4 files
- Resolves: RHEL-159436 CVE-2026-27651 nginx:1.24/nginx: NGINX: Denial of
Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- Resolves: RHEL-159549 CVE-2026-27654 nginx:1.24/nginx: NGINX: Denial of
Service or file modification via buffer overflow in ngx_http_dav_module
- Resolves: RHEL-159528 CVE-2026-27784 nginx:1.24/nginx: NGINX: Denial of
Service due to memory corruption via crafted MP4 file
[1:1.24.0-2]
- Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)
[1:1.24.0-1]
- Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10
[1:1.22.1-2]
- Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web
servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487)
[1:1.22.1-1]
- Resolves: #2112345 - nginx:1.22 for RHEL 8
- add stream_geoip_module and stream_realip_module
- remove obsolete --with-ipv6
[1:1.20.1-1]
- rebase to 1.20.1 (addressing CVE-2021-23017)
[1:1.20.0-4]
- add delaycompress to logrotate config (#2015243)
[1:1.20.0-3]
- Add -mod-devel subpackage for building external nginx modules (Neal Gompa)
Resolves: #1991787
[1:1.20.0-2]
- Resolves: #1991796 - build nginx with --with-compat
More information about the El-errata
mailing list