[ALSA-2026:36618] Important: nginx:1.24 security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-09
Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers (CVE-2026-42055) Bug Fix(es) and Enhancement(s): * nginx:1.24/nginx: "HTTP/2 bomb" nginx fix breaks module ABI causing crashes [almalinux-9.8.z] (JIRA:AlmaLinux-191773) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nginx-mod-http-xslt-filter-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.aarch64.rpm 23dd2e631a543dacc7b0ff565ceacecf79105d72950dc83be32c2f3c6a8d947f
aarch64 nginx-mod-http-perl-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.aarch64.rpm 4773f8c5d103856aacfd525228b7cc091d146ab9decfed08865992bb8d0cd4f6
aarch64 nginx-mod-http-image-filter-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.aarch64.rpm 6116af4c9fb534d9caff486dd5810720e30fd156dceadd3aa29835ec1ff66c86
aarch64 nginx-core-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.aarch64.rpm 7e0709ab57c913ab642d9a667780454be9da0d478bbef3b3b7ba09804c47fcef
aarch64 nginx-mod-stream-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.aarch64.rpm 8c7f3631359cb2be07bbd20f6f6331edea7c41e6e3d8de67927209baee81c523
aarch64 nginx-mod-mail-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.aarch64.rpm ae793c86d1b6093e7e7c3a2b4baac5ae992e5cd69ee353b949716435e2484c5d
aarch64 nginx-mod-devel-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.aarch64.rpm e73d4297646826c0d8bdf1870aa873f599daefafa75ff49a408b16f4d62d0b33
aarch64 nginx-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.aarch64.rpm ff616b1c1614855ed851ff2ff8dad4c9787f58bd618befb2117af5a6e21da62e
noarch nginx-all-modules-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.noarch.rpm 19456fe1d88b5010becd6fb7fb15d91883d58c25c15ae8f09eda7292be441940
noarch nginx-filesystem-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.noarch.rpm 2d154b2847267c46570d522255c6ccf3cd2a83f1def6822328c01b88aac76aa5
ppc64le nginx-core-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.ppc64le.rpm 0d59aeb252af4b76df7933d521864e45c55141ad7feba0ef56d73e91ee866e74
ppc64le nginx-mod-http-image-filter-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.ppc64le.rpm 26018f0b3c86205b0c2044afba3d0268fcd5846dfbc00e5ff5605b02006e3578
ppc64le nginx-mod-stream-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.ppc64le.rpm 41511d7ad117669194fc763c0ead9147ecfa859152d245ac01f364b8a7b613cb
ppc64le nginx-mod-http-xslt-filter-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.ppc64le.rpm 608fb12398458fe6fb904d6714ff13589eef22f3f80c44a97ca854c841bf0df1
ppc64le nginx-mod-devel-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.ppc64le.rpm 8368a6f77653437f0810f8111f2230d67d6558f424e79c06051e55791fcee9bb
ppc64le nginx-mod-mail-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.ppc64le.rpm aa1f158c7cb7e6f83d38992df019cc880e4b08da9c23d5c63c9c7a1fc6bc92f8
ppc64le nginx-mod-http-perl-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.ppc64le.rpm cc3884a7ca58b8f57c7d89ceae9d2633c3135defc3044db08548d35e340bab2d
ppc64le nginx-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.ppc64le.rpm fe2b5a497e2c1470125741440cdfbc92c1549b8755561720531260b21d1a5608
s390x nginx-core-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.s390x.rpm 023af8c57b9a4fdc9cb56970bb5ad71b36c3effb88cf61b9d63e73e1a226e18f
s390x nginx-mod-mail-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.s390x.rpm 03c98dc08b3f43353627df80a1752b9c60d2886309bc085a6020cbd90bcdc708
s390x nginx-mod-stream-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.s390x.rpm 0ed75865a4b011f08a1340e09553d707bcf55849925d5592adf4261b746068f7
s390x nginx-mod-http-perl-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.s390x.rpm 14f3070970e013376af77139c14d811aa418f6313c482606e05d9680e5757352
s390x nginx-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.s390x.rpm 50560470ace6b8c9f18b9b4ef90beab807401e0aa5c1a7a506441b9dd1b93feb
s390x nginx-mod-http-xslt-filter-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.s390x.rpm 6cfa4620a2eb7dae58ad1c8df60d0871f7589090605989fdc964bb1779f224b8
s390x nginx-mod-http-image-filter-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.s390x.rpm 9fd442da0de09b471926cc5324ec1224faf8efb7bf7c7f5ecdc09e6312b2fd2f
s390x nginx-mod-devel-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.s390x.rpm ebb401d2a661ae29bd4f60e6358777bc6a83f3fbb95a993e58dfd2f922c102e2
x86_64 nginx-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.x86_64.rpm 085bfa0210acef9a5e7cb843fd2486ac5ed5dfc44112cb12b0a2883523714b42
x86_64 nginx-core-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.x86_64.rpm 3563025f3e2b476aaaaa1a8e6431ed720570b7f940f5c8fb1d21c373d5128293
x86_64 nginx-mod-stream-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.x86_64.rpm 7055a9bac3cb44132c7479f9ef70eb88e8baedbfef43799c47b3225f28a9cc0e
x86_64 nginx-mod-http-perl-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.x86_64.rpm 7cad86c60ce531511be802bfc2c154a9ab2eae592247f13f324fbb09941307ba
x86_64 nginx-mod-http-image-filter-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.x86_64.rpm 9143f12842d4f2426304ad95f94ad53d5bfedea67083a13470f772504258a157
x86_64 nginx-mod-mail-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.x86_64.rpm e9c9bd793dd1644e71f498c450b0de93015e2e2749eb9557d93f719e6a77316d
x86_64 nginx-mod-http-xslt-filter-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.x86_64.rpm f0efe139a5268898d5d1e2ca3bf27b2f20118542951cf6e9beac79a7dd4795a6
x86_64 nginx-mod-devel-1.24.0-7.module_el9.8.0+278+b57266e8.3.alma.1.x86_64.rpm fbff4630f1e65feca4136520e0ed6f8c157a07ff4f9c9b0fcee22fd7f7d7eb20
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.