[ALSA-2026:36364] Important: nginx security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-08
Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers (CVE-2026-42055) Bug Fix(es) and Enhancement(s): * "HTTP/2 bomb" nginx fix breaks module ABI causing crashes [almalinux-10.2.z] (JIRA:AlmaLinux-191778) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nginx-mod-http-image-filter-1.26.3-6.el10_2.5.aarch64.rpm 0b50f46f5d190e97026aa20f8f4a3dc70918508e66d438102771bd077683aa24
aarch64 nginx-mod-devel-1.26.3-6.el10_2.5.aarch64.rpm 32746e1138507248f4938da549e2b793cab7104214e07419a50dd2b6513deb47
aarch64 nginx-mod-http-xslt-filter-1.26.3-6.el10_2.5.aarch64.rpm 5f647d048b359ea2a611ca49cba7ee755b6bd3efaf6ab613ca140e220a8e6a5f
aarch64 nginx-1.26.3-6.el10_2.5.aarch64.rpm 77819453304f4c4b7ae7ce34c3f702463cb69768f62ac94a59be4bc21a9d1867
aarch64 nginx-core-1.26.3-6.el10_2.5.aarch64.rpm 8ef714150f45dbe07d1bd4e9948a1e7c1cadc51335471a973c21532a8624ab3b
aarch64 nginx-mod-stream-1.26.3-6.el10_2.5.aarch64.rpm a89c9b85eb8bf053151152ffbb8d4d1f4afd2d0dc3a36d9fb40e12d53ca0ac21
aarch64 nginx-mod-mail-1.26.3-6.el10_2.5.aarch64.rpm c2448d3c059dd2cd2daa41c5dca3362b966a232521d6b755cc404a7870606179
aarch64 nginx-mod-http-perl-1.26.3-6.el10_2.5.aarch64.rpm c66805b07378c6cefbc92412557e1f113532557eccb3ecec1ea87d3bd2ee74c8
noarch nginx-all-modules-1.26.3-6.el10_2.5.noarch.rpm 63783f2757ef9f4c14eb7739660124c6c7d8094475d4b3333f54aa552c72f0fd
noarch nginx-filesystem-1.26.3-6.el10_2.5.noarch.rpm e33cd1bd4272896159c0e7c1cd3fb48f85a85d98e7641fd3ac67aa121ff5fae5
ppc64le nginx-mod-http-perl-1.26.3-6.el10_2.5.ppc64le.rpm 1f2a5aef25b58c2c34c56f0f45e1d24a7a5d18cfd2194647f0b8841b238b17a1
ppc64le nginx-1.26.3-6.el10_2.5.ppc64le.rpm 27db95d93ae706e30439b10030641ebccaefac3bdc83378a3c5b3660bbd291e0
ppc64le nginx-mod-http-image-filter-1.26.3-6.el10_2.5.ppc64le.rpm 3f7f0f78b4cf73bee94ed692ff50ed74e2f608a25050047caec0f8dbee8f74ef
ppc64le nginx-mod-stream-1.26.3-6.el10_2.5.ppc64le.rpm 5da1cba143050f6340b8a93e41c750379e3a1e0b262e5dd7fce70a6c35dfc507
ppc64le nginx-core-1.26.3-6.el10_2.5.ppc64le.rpm 76bcce5d83c0e4f90b4b96a2bac34910721a2d94cf955245b77c98c367f83832
ppc64le nginx-mod-devel-1.26.3-6.el10_2.5.ppc64le.rpm d0ac1c7d312efe9f575232bb87122bd12b7f33d3face4b9b0eddcdf9c929bd8c
ppc64le nginx-mod-mail-1.26.3-6.el10_2.5.ppc64le.rpm da5d8374ea2690056046b5b66ffb56296916456fcafeb2f80e122e57bdf4a0c2
ppc64le nginx-mod-http-xslt-filter-1.26.3-6.el10_2.5.ppc64le.rpm fc4b6aac4264044ba7c9e54a3cae3b2d1bbdf53946e721ace5c6c7284e8c3776
s390x nginx-mod-http-perl-1.26.3-6.el10_2.5.s390x.rpm 0604b367c9847b9db624fdf719185db15b416350530a73f63f39cae0de1362a0
s390x nginx-mod-stream-1.26.3-6.el10_2.5.s390x.rpm 20e8136a2a0a18b1134d272a8bc62471a64c97d4bda4a1890ec5ddf7a6275970
s390x nginx-mod-devel-1.26.3-6.el10_2.5.s390x.rpm 4a1cfeddb2d52e72fc02ee88cfa7681211c69243ce6c4fa7e04fa752490c1958
s390x nginx-mod-http-image-filter-1.26.3-6.el10_2.5.s390x.rpm 565f7c1a3ed8f69d95412c61819ad503c63e437d0cd68cbf55aea0b7ad0ef3c3
s390x nginx-mod-mail-1.26.3-6.el10_2.5.s390x.rpm 5a51d514998ce5c01e7ebed9b69f5bcd36b6942db3479b7d15f5ccbbcb22d09d
s390x nginx-mod-http-xslt-filter-1.26.3-6.el10_2.5.s390x.rpm 5ef249c5350383cdcd6d70138bf0b797a122b2947bd8cb8d9d3580edbe19c476
s390x nginx-core-1.26.3-6.el10_2.5.s390x.rpm 7d53a00736ba04658597505454f63ed2f1dc161aee5665b6126fda3cd8d79a22
s390x nginx-1.26.3-6.el10_2.5.s390x.rpm b71ab55552cc556821467973295eb302bc4269b536e7e3f1176d47ce7c5d0988
x86_64 nginx-1.26.3-6.el10_2.5.x86_64.rpm 001ba9523912130b6794361a5f942965a9453d904d2a2440895e3c19516c9ccc
x86_64 nginx-core-1.26.3-6.el10_2.5.x86_64.rpm 737ec213dbf9ba1be9dbb7c32a3191e5dadb2c45253e986dcffd1fb2578c3f2f
x86_64 nginx-mod-devel-1.26.3-6.el10_2.5.x86_64.rpm 80437125b6491a4d0e9b5fd4603076cb1b4d877948f82dcaa0c5ae2561a8379a
x86_64 nginx-mod-http-image-filter-1.26.3-6.el10_2.5.x86_64.rpm c7f6461118c1df5d4d1f8616d2851023992de54cbdb76ba491c6bccee7707e7a
x86_64 nginx-mod-http-perl-1.26.3-6.el10_2.5.x86_64.rpm cbae987d1ab79aa200bd7fcea653412cd88aa9758053cdcd27f786ec5d880441
x86_64 nginx-mod-mail-1.26.3-6.el10_2.5.x86_64.rpm e18fe3178e3a3de4db4de59e7f49bf6fb0f94ac0bdd3c152d7d3c034027397f8
x86_64 nginx-mod-stream-1.26.3-6.el10_2.5.x86_64.rpm e5b3c6ea3b15e7d2db7ac570879cb779c25648ee14048b71b5624917f26ac677
x86_64 nginx-mod-http-xslt-filter-1.26.3-6.el10_2.5.x86_64.rpm ecc550ec6fadb2cd848b043814c4a6aa6cf2e4205d682f2822bd75185ad2e8c0
x86_64_v2 nginx-mod-devel-1.26.3-6.el10_2.5.x86_64_v2.rpm 161f22935088cb43637f310a75597562d68ad58fbbbb4bd3bd21ab18a6fa1586
x86_64_v2 nginx-mod-stream-1.26.3-6.el10_2.5.x86_64_v2.rpm 1a799b5777ccb396f446d6fc3ce679b7e71442c079a057f2f92c1bf66db6d035
x86_64_v2 nginx-mod-http-xslt-filter-1.26.3-6.el10_2.5.x86_64_v2.rpm 74d33d79a2624cac0988e7b6b9b5c3b824637e7fd57aa0a540cd09919387708e
x86_64_v2 nginx-mod-http-perl-1.26.3-6.el10_2.5.x86_64_v2.rpm 79f5464576f3e429b4d727bc825fbbec31128892f242e932f0236d871e833c54
x86_64_v2 nginx-1.26.3-6.el10_2.5.x86_64_v2.rpm a9c2539f65028262d9e4ad27dd2f1a6ce598671c4c8dd1a74bb703954478dfc9
x86_64_v2 nginx-mod-mail-1.26.3-6.el10_2.5.x86_64_v2.rpm bba519b65a069f3044bfba3642cf0abb84d35f4d6060f68cc4ed648fa6675e5f
x86_64_v2 nginx-mod-http-image-filter-1.26.3-6.el10_2.5.x86_64_v2.rpm ca70abc675dc4e28cf491f87231f03e3dfb3fdf59de5b5210a8013d6572f2956
x86_64_v2 nginx-core-1.26.3-6.el10_2.5.x86_64_v2.rpm cf064e1321fe46ea4e6d92a1ea56b58c2940ebb2a688669ded0345d9bd5d43cb
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.