ALSA-2026:6907

[ALSA-2026:6907] Important: nginx:1.24 security update

Type:

security

Severity:

important

Release date:

2026-04-14

Description:

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.   

Security Fix(es):  

  * nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647)
  * NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654)
  * NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784)
  * NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nginx-mod-mail-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.aarch64.rpm	60d832b9cf25a1da63f46324a440128e125aeae578de6d13e9cf02bc9c90fdfa
aarch64	nginx-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.aarch64.rpm	6423b98e762b8842ffb8b53762e9e702fdc3d9a51bf542d61ed9bf14156f12a9
aarch64	nginx-mod-http-image-filter-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.aarch64.rpm	9ccfc44ffc49260d36b42d716f4c26e809ede4827a5581a1ce3cdda22cf0aa37
aarch64	nginx-mod-stream-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.aarch64.rpm	bff4ff1f3b9884e1fd3651b09278a14c5a2f658e20ab2f518615468776062dd0
aarch64	nginx-mod-devel-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.aarch64.rpm	c0b556827e9745f6c4e205153418e8f2ffdd5a9fb46fa35de36c74b6125c1ba0
aarch64	nginx-mod-http-xslt-filter-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.aarch64.rpm	da9442d6194c8005f4ec15b55c088a6597002c229696cb744e0cac0bafe5b310
aarch64	nginx-mod-http-perl-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.aarch64.rpm	fcfe786f2f5d71f9522a0629ed2d1fa4087f6a89f1f149349750bb7f3289e8f5
noarch	nginx-filesystem-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.noarch.rpm	232aeecbe7792b190428c3dbe534fa66b8238b90ad7fba7e0c41cdb9b66f5169
noarch	nginx-all-modules-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.noarch.rpm	f2c20501c45cd7990637895a0432563f9a7a2440eafe89ac2cb93c44a23cb1ce
ppc64le	nginx-mod-mail-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.ppc64le.rpm	00ee898a4d4a8d17c4478c13db976f0c5039220837df30541273044c463abb8b
ppc64le	nginx-mod-devel-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.ppc64le.rpm	03f2fbffb69aaeeb49f4177c7959ed64f0adcce1839c9505469fad479dff72ca
ppc64le	nginx-mod-http-perl-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.ppc64le.rpm	1e713089c5182314b1f180b81e12a5e158e034610e53dd286ce3cee842f8675d
ppc64le	nginx-mod-http-xslt-filter-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.ppc64le.rpm	43c51da08a67419dcecefc96cb64ebff119038abee8c1bcedc6b513b103f4251
ppc64le	nginx-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.ppc64le.rpm	9afb086b279e275d1532381e019858c6ce51beb431a0c9b78d7abb3bf42268ef
ppc64le	nginx-mod-stream-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.ppc64le.rpm	aa769064418d6cb9090bf14110e11149e4163633b96dc427c7e69ff252052b7b
ppc64le	nginx-mod-http-image-filter-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.ppc64le.rpm	f74ee1c46b225d163cb12b346476e55af601deafc554c44d932342853472cfa8
s390x	nginx-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.s390x.rpm	0559b30285106e626ee550e2ae14b1bf616cf89479ef158f834cb43ab18c00f5
s390x	nginx-mod-http-image-filter-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.s390x.rpm	415c03f5f0fb33f4c491ea1a1ab30322eab07fb0cf13b692e293bafd44b280d4
s390x	nginx-mod-http-perl-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.s390x.rpm	8ba9716c1eaf3c928c093f8d68fe2c1f6064bc5ac03d9e48d9890488081b282a
s390x	nginx-mod-mail-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.s390x.rpm	b347b70555e4b50117cc9342dae29940bf6b8ba711c916bae54819ef2073eb59
s390x	nginx-mod-devel-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.s390x.rpm	be28e9d3789e07203626e02a1b7280b746b54c7e1207de7635c6bd2eb7af3de3
s390x	nginx-mod-stream-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.s390x.rpm	d09beabccb0043233a1acf65bc58e049305c9f0b0f44cffd34b3872af6a35900
s390x	nginx-mod-http-xslt-filter-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.s390x.rpm	ee2ffb17b2a052649d170f5ffe912d902a8335a0caf5861b4aec368918d1587f
x86_64	nginx-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.x86_64.rpm	2b22bbcf28522fd59d88305ba4f1b1b1fe038a7712992c312716a8abfa12ee59
x86_64	nginx-mod-http-perl-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.x86_64.rpm	33c76b95c916b0431892f2abec079f1b5c9ee8f07217065398746083095d9271
x86_64	nginx-mod-mail-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.x86_64.rpm	3cdf4c9d3fd54170303c86e72fa240782eaa52ab2be30afc842f4b88585248d8
x86_64	nginx-mod-http-xslt-filter-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.x86_64.rpm	ad349e40c9c57cbb1141aa52a27ca0e3107f3a24c5218510defb3a07c745aa63
x86_64	nginx-mod-devel-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.x86_64.rpm	bd58d587bb33af1b376f32eda855c9e26fe71d946398abdc97ed8b4dde5fd0fc
x86_64	nginx-mod-stream-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.x86_64.rpm	d312fd49c8d1efa451d5afd64b00106b5fae346568c8857a91330bb358e759c9
x86_64	nginx-mod-http-image-filter-1.24.0-3.module_el8.10.0+4159+021b4a2a.alma.1.x86_64.rpm	d67695bcc8291eebaf197f0e6efc0ddee41de1ee9b3df5d371e54476f87e070b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.