ALSA-2026:6906

[ALSA-2026:6906] Important: nginx security update

Type:

security

Severity:

important

Release date:

2026-04-09

Description:

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.   

Security Fix(es):  

  * nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647)
  * NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654)
  * NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784)
  * NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nginx-mod-devel-1.26.3-2.el10_1.1.aarch64.rpm	43ea881976961b63f803af2e50159218f253eb54fb51af85a0d5ea0f6fccc4b3
aarch64	nginx-mod-http-xslt-filter-1.26.3-2.el10_1.1.aarch64.rpm	4e703b7385633cca7f62f944740671442b6309c9538213d249cbe17cee729431
aarch64	nginx-mod-stream-1.26.3-2.el10_1.1.aarch64.rpm	72a6dfb62e5c09cee8d5587730f9a77aa70bd6068722c35e3a3de276b44cc792
aarch64	nginx-mod-http-image-filter-1.26.3-2.el10_1.1.aarch64.rpm	7cb3cea5f62cfd0caa6fd173030b83fc6c6a3cb3f1c02065251e9eb0d582a6a7
aarch64	nginx-1.26.3-2.el10_1.1.aarch64.rpm	80f145eb466d7af927782b7569629c0e4253795c82419d6a6ab946243a12ed39
aarch64	nginx-mod-mail-1.26.3-2.el10_1.1.aarch64.rpm	836dbfd98cbe09b3d44f57adf04d9e8acf65b7128da4121bf5a7d033f787c77a
aarch64	nginx-core-1.26.3-2.el10_1.1.aarch64.rpm	953b9dd3ec7447bff1141f57816abf168f3caeaa98949eab6a86c408a8c40522
aarch64	nginx-mod-http-perl-1.26.3-2.el10_1.1.aarch64.rpm	b532f28448012e801d728a8e8e73bb5b6f911f0cc7b07c2749fa2bc7939aa6ae
noarch	nginx-all-modules-1.26.3-2.el10_1.1.noarch.rpm	5b1c5fd70e0b1f9d47540eeb6755f33520d2463594a89378ac69c50090d13882
noarch	nginx-filesystem-1.26.3-2.el10_1.1.noarch.rpm	9aee86de0234e36073a7df53cbed67bc23ce4a93482436b58b3ab7b95dd5c94e
ppc64le	nginx-mod-devel-1.26.3-2.el10_1.1.ppc64le.rpm	331d8fbe9b466814a74348eaaa6c1b55bca43818dfacb73bf6bdd00d19610d1f
ppc64le	nginx-mod-http-xslt-filter-1.26.3-2.el10_1.1.ppc64le.rpm	4c4330e0dc1a5eb9d8a3d857637b29a3db2c2a10dafd599a00f3f04f7ae8ea14
ppc64le	nginx-mod-http-perl-1.26.3-2.el10_1.1.ppc64le.rpm	52d8e25a8ca91d1f5d0824ba2a7b79c65b8425b751431e9e61475cf5b4393093
ppc64le	nginx-mod-http-image-filter-1.26.3-2.el10_1.1.ppc64le.rpm	6b152036f6954ff21baff4202d37c82dc99d9b651a424cef5d3a633779b19bcf
ppc64le	nginx-1.26.3-2.el10_1.1.ppc64le.rpm	6e05bf94aae2ab0c4ec417204567825b57e03f5a19c5d334be90fa37ccfe6a5b
ppc64le	nginx-mod-stream-1.26.3-2.el10_1.1.ppc64le.rpm	896209a4b01e084eca0eb38675ae0a163c97e55fe4eb2de23a85bfc15a3d30f7
ppc64le	nginx-core-1.26.3-2.el10_1.1.ppc64le.rpm	c400ba62b205c6249e4e510a73513c92019300f1db45b67eaf5de77e83404a49
ppc64le	nginx-mod-mail-1.26.3-2.el10_1.1.ppc64le.rpm	ddcc8bc6cde73cb9b747ebd29d8eff43ba30560bf8061c523346a5632ac950a6
s390x	nginx-mod-mail-1.26.3-2.el10_1.1.s390x.rpm	2cd3ba607a2ef2af6b28701848b0a32cec534335bb244533a309d025e77fbe1f
s390x	nginx-1.26.3-2.el10_1.1.s390x.rpm	9e37f5aaa0464df29e1e7bcfa57e2529a7486932152a7322e1514876163f96be
s390x	nginx-mod-stream-1.26.3-2.el10_1.1.s390x.rpm	a8b21c521564e99b33c69549c17d70d495ac34c5203b18797e03fa08a8b599f8
s390x	nginx-mod-http-xslt-filter-1.26.3-2.el10_1.1.s390x.rpm	b2eafbf4f8d37a80b14988a1f51ac18f3bd2c79713dbf9745c379e5207df685d
s390x	nginx-mod-http-image-filter-1.26.3-2.el10_1.1.s390x.rpm	bcf5ec0acfef78e17bea734917a7299ebaf8623c10e6eb8aef58f73bc300c825
s390x	nginx-core-1.26.3-2.el10_1.1.s390x.rpm	ca25942c01c96dc96fc07fea5dd4b76679edf925d94ec722ec6015f4c51e66fa
s390x	nginx-mod-devel-1.26.3-2.el10_1.1.s390x.rpm	cdabcf3d995f61b84434fd5dd051d70af87634ae334ea48b09e25ebc1079280a
s390x	nginx-mod-http-perl-1.26.3-2.el10_1.1.s390x.rpm	fb58401ac0b00febb2d8516b51b137ae782a861ca2df217c6fb3cca15eee9044
x86_64	nginx-mod-mail-1.26.3-2.el10_1.1.x86_64.rpm	0f34c145340fc7760e6d4f9c1d0f3c61dbed3a540efeec29b2124aeb24166259
x86_64	nginx-1.26.3-2.el10_1.1.x86_64.rpm	5c80edb58e05fd5ae9a81f346cfd0a69a2b5c3c97aefdc1a80c32e60e436f959
x86_64	nginx-mod-http-image-filter-1.26.3-2.el10_1.1.x86_64.rpm	5e6b09476ec25723fc3f93d5c0ab6c7b456a321a0a734124b2b25a8bb69637d5
x86_64	nginx-mod-http-xslt-filter-1.26.3-2.el10_1.1.x86_64.rpm	63e24f2596b370b9c7f57d7f311b889c9d96d4e9baa01453bd1ff52e0161042a
x86_64	nginx-core-1.26.3-2.el10_1.1.x86_64.rpm	973aa2eb207e7e491db10347d0e7ec96e0e3b3c4d19624e519c78a85d2602210
x86_64	nginx-mod-devel-1.26.3-2.el10_1.1.x86_64.rpm	98c6ef1076d6cb969f349f208dfdb7acda7a73adafe643bb3f17cab082b0cf11
x86_64	nginx-mod-stream-1.26.3-2.el10_1.1.x86_64.rpm	9f4307fe4f01c0c5246cd143b8c9e57001f5259c9084f1cb7068b062a4aebbbf
x86_64	nginx-mod-http-perl-1.26.3-2.el10_1.1.x86_64.rpm	e3a52f26bbc85b17f672834dc0e5da2bd7906063d237f40030591dc9e47e7db9
x86_64_v2	nginx-mod-devel-1.26.3-2.el10_1.1.x86_64_v2.rpm	3a4c2cb6021b43d5387894815707300d5718a370a8180b4385f88f3812796a81
x86_64_v2	nginx-mod-stream-1.26.3-2.el10_1.1.x86_64_v2.rpm	4f9349a3c11ae26d33bd3840d04aee13b4fa8f04bfaf3e512a1f307d42837c3e
x86_64_v2	nginx-1.26.3-2.el10_1.1.x86_64_v2.rpm	6c16fadfd9ad2f2b0dcd5d39405c437ae2bcd500c9c0f4d497f23dce4ab015b3
x86_64_v2	nginx-mod-http-perl-1.26.3-2.el10_1.1.x86_64_v2.rpm	768b43bd962055c0b5635fd11e70a28fce95eaa8b3b72f9fa6823c7bb5d603b5
x86_64_v2	nginx-mod-http-image-filter-1.26.3-2.el10_1.1.x86_64_v2.rpm	9d044a6e399ce839ab24f4207897b816a0a9f3f61fb0f9d39af25e83cee1bee5
x86_64_v2	nginx-mod-http-xslt-filter-1.26.3-2.el10_1.1.x86_64_v2.rpm	b443a04f1a9585b3fe22bf70bdcbd09e174179a1cdb2704461a8fae69a5630cb
x86_64_v2	nginx-mod-mail-1.26.3-2.el10_1.1.x86_64_v2.rpm	f5258e22567895ee811432ca4107d8abd620ba6b904aadbd090c3a8a1b720d35
x86_64_v2	nginx-core-1.26.3-2.el10_1.1.x86_64_v2.rpm	f8bfd1a23d6d55aad66d6e19283010e1d296819319e1d6ce674b32413a70b61b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.