[ALSA-2026:36331] Important: nginx security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-08
Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers (CVE-2026-42055) Bug Fix(es) and Enhancement(s): * nginx: "HTTP/2 bomb" nginx fix breaks module ABI causing crashes [almalinux-9.8.z] (JIRA:AlmaLinux-190800) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nginx-mod-stream-1.20.1-28.el9_8.4.alma.1.aarch64.rpm 072336431d15cd163b2d8591ab9b6ac679be37b37988aaf4a8f392bd91fd5008
aarch64 nginx-mod-http-xslt-filter-1.20.1-28.el9_8.4.alma.1.aarch64.rpm 1c490ba01c27299bf9e61f0174454b7c01ef8924bb6ace7f82a8db43c5465668
aarch64 nginx-1.20.1-28.el9_8.4.alma.1.aarch64.rpm 406bd36f919695986d94f46b81365ac9c619cb2759c87e082d50dd150cc5bacf
aarch64 nginx-core-1.20.1-28.el9_8.4.alma.1.aarch64.rpm 5803f2b00c98832820d1ee2a7719b59fe764a8e35d7c1ab31653c7ac67dfec22
aarch64 nginx-mod-http-perl-1.20.1-28.el9_8.4.alma.1.aarch64.rpm 62c864483249aec2745048dc7ec4dc8a632a8d9a98105c00d4d07c254531976b
aarch64 nginx-mod-mail-1.20.1-28.el9_8.4.alma.1.aarch64.rpm 89ffea421c6b9f0b0cf540f690585f6ff7e269912e0435cfceafb7bb92956ea7
aarch64 nginx-mod-http-image-filter-1.20.1-28.el9_8.4.alma.1.aarch64.rpm c04a7892c29b77f575ed2845ed963b1aaa019da2fbdb7418f13dc9091d907cb1
aarch64 nginx-mod-devel-1.20.1-28.el9_8.4.alma.1.aarch64.rpm e2d38a3fb2dbb959d4bf9800c9408419316462464f68b5e864bd4bcd06ff9d88
noarch nginx-all-modules-1.20.1-28.el9_8.4.alma.1.noarch.rpm 8665b30d7efc8fb465161906dfc71481ce9fcae1abc34d23a76bad6a123e214e
noarch nginx-filesystem-1.20.1-28.el9_8.4.alma.1.noarch.rpm 8c0988d8ac95a3a733ba01e39ce1a88f106bba6456f114a97696d2ef4dc0eb68
ppc64le nginx-core-1.20.1-28.el9_8.4.alma.1.ppc64le.rpm 357fb6bb91668b9c9d25b993f5a663c87eae2251b2881aa79421e8a6406e8717
ppc64le nginx-mod-http-image-filter-1.20.1-28.el9_8.4.alma.1.ppc64le.rpm 3b2caf73c4f61da882ae827f103abfc96ecbdab21c061f493f56ec0e80bd6c29
ppc64le nginx-mod-http-xslt-filter-1.20.1-28.el9_8.4.alma.1.ppc64le.rpm 4867fa4f27a4a6284b9792bfc39839467103ed9e1ca3d7b0669272da090214f4
ppc64le nginx-mod-mail-1.20.1-28.el9_8.4.alma.1.ppc64le.rpm 4c802ba56ef68d03763d879d4d4e3035a3a401f7dc5b124d62acdeca805db53c
ppc64le nginx-mod-devel-1.20.1-28.el9_8.4.alma.1.ppc64le.rpm 576adc1b5c39f2af764470b5ddae83964561e001255e83137834c1703d3c78e4
ppc64le nginx-mod-http-perl-1.20.1-28.el9_8.4.alma.1.ppc64le.rpm 5e6e15165e1c1cf0aba7a87b633b49cba7b22e14e480f6d24c381c1eb6fa7a14
ppc64le nginx-1.20.1-28.el9_8.4.alma.1.ppc64le.rpm 60bd02de07e3dc65028e1c772f6dca1b003b669f2018647efa105cf23cf02f86
ppc64le nginx-mod-stream-1.20.1-28.el9_8.4.alma.1.ppc64le.rpm b2eb58c7093752ff1a1224b3b47eb15acefbc0e1c6ab35eefa9d1d97d629ad91
s390x nginx-mod-stream-1.20.1-28.el9_8.4.alma.1.s390x.rpm 06a49b4b82e86a0e5eaf6eb241c6f36e819f65f2fe686f904e6c3c28e1504776
s390x nginx-mod-mail-1.20.1-28.el9_8.4.alma.1.s390x.rpm 16483425a03c49365c398174618efc57ce0b1efe0026611d64a40c49f0eefd22
s390x nginx-core-1.20.1-28.el9_8.4.alma.1.s390x.rpm 6833c9d25aed52c693361f0e9e25e8fb7498820d39cc3aa96a9cc3a6cacd80e8
s390x nginx-mod-devel-1.20.1-28.el9_8.4.alma.1.s390x.rpm 7f42deae2bf33725fcf8485ae1e457f4f3f6da9cb1d608d507e2ed96034fda85
s390x nginx-mod-http-xslt-filter-1.20.1-28.el9_8.4.alma.1.s390x.rpm a2b14649050130072d25c089c51aac458386093925cb33ef0922192a91d25967
s390x nginx-mod-http-perl-1.20.1-28.el9_8.4.alma.1.s390x.rpm b4a8cd6bcf12837de35119fa3e3fd6b6d5e6564b5b7fa9bea9e621995429c528
s390x nginx-1.20.1-28.el9_8.4.alma.1.s390x.rpm b53336dbe876099bcfea6a4cda68789f996938a5fa4f13537a6bd9ef6a073ab9
s390x nginx-mod-http-image-filter-1.20.1-28.el9_8.4.alma.1.s390x.rpm d2e276f8d3f030d07931c5e27dd9306ff23cef95232efb5058564d7b13ba32d7
x86_64 nginx-mod-http-xslt-filter-1.20.1-28.el9_8.4.alma.1.x86_64.rpm 0c3d86ce5158c7cdf316eafb67fb1e887db594331e984ccf2ee406b9501a50ea
x86_64 nginx-mod-stream-1.20.1-28.el9_8.4.alma.1.x86_64.rpm 3540dfe10a5be7ccd213eeb0ac4f8a0a9a65d27597d045a309887fc5c29f79da
x86_64 nginx-mod-devel-1.20.1-28.el9_8.4.alma.1.x86_64.rpm 62701209ea77e475847f9aeb58f7fc8c66d6641bccbea55263b163db11c49929
x86_64 nginx-mod-http-perl-1.20.1-28.el9_8.4.alma.1.x86_64.rpm 6be06086f733cdb7a2a2f82c0ec0ab5aa50e209bc6431c762e04ee6aa324a22f
x86_64 nginx-1.20.1-28.el9_8.4.alma.1.x86_64.rpm 8cc0a6d551d2d1019807b26f072312bd4e8f2c9728d408ae83728a6434dbf6ff
x86_64 nginx-core-1.20.1-28.el9_8.4.alma.1.x86_64.rpm b9a1309add4d111b780144adc7c599b67820f2459d206e616b857bb1ebef72f5
x86_64 nginx-mod-mail-1.20.1-28.el9_8.4.alma.1.x86_64.rpm c20e5ec27052502ee3595a8a0174305bb7544ceecb0f8e90329906d15c0edcef
x86_64 nginx-mod-http-image-filter-1.20.1-28.el9_8.4.alma.1.x86_64.rpm e519f0ec61c27cbdc3338f5a84468939b4ab0e3a447ab0c751d2630070156ff1
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.