[El-errata] ELSA-2026-5581 Moderate: Oracle Linux 8 nginx:1.24 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Mar 25 05:52:14 UTC 2026
Oracle Linux Security Advisory ELSA-2026-5581
http://linux.oracle.com/errata/ELSA-2026-5581.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
nginx-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm
nginx-all-modules-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.noarch.rpm
nginx-filesystem-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.noarch.rpm
nginx-mod-devel-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm
nginx-mod-http-image-filter-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm
nginx-mod-http-perl-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm
nginx-mod-http-xslt-filter-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm
nginx-mod-mail-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm
nginx-mod-stream-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm
aarch64:
nginx-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm
nginx-all-modules-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.noarch.rpm
nginx-filesystem-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.noarch.rpm
nginx-mod-devel-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm
nginx-mod-http-image-filter-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm
nginx-mod-http-perl-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm
nginx-mod-http-xslt-filter-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm
nginx-mod-mail-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm
nginx-mod-stream-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nginx-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.src.rpm
Related CVEs:
CVE-2026-1642
Description of changes:
[1.24.0-2.0.1]
- Remove Red Hat references [Orabug: 29498217]
[1:1.24.0-2]
- Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via
man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)
[1:1.24.0-1]
- Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10
[1:1.22.1-2]
- Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web
servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487)
[1:1.22.1-1]
- Resolves: #2112345 - nginx:1.22 for RHEL 8
- add stream_geoip_module and stream_realip_module
- remove obsolete --with-ipv6
[1:1.20.1-1]
- rebase to 1.20.1 (addressing CVE-2021-23017)
[1:1.20.0-4]
- add delaycompress to logrotate config (#2015243)
[1:1.20.0-3]
- Add -mod-devel subpackage for building external nginx modules (Neal Gompa)
Resolves: #1991787
[1:1.20.0-2]
- Resolves: #1991796 - build nginx with --with-compat
[1:1.20.0-1]
- new version 1.20.0
- Resolves: #1945671 - RFE: add nginx:1.20 module stream
More information about the El-errata
mailing list