[ALSA-2026:36639] Important: nginx:1.26 security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-09
Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers (CVE-2026-42055) Bug Fix(es) and Enhancement(s): * nginx:1.26/nginx: "HTTP/2 bomb" nginx fix breaks module ABI causing crashes [almalinux-9.8.z] (JIRA:AlmaLinux-191774) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nginx-mod-mail-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.aarch64.rpm 02c49702c4732f9ca95ad686c89c319981f4c65d4ed54a46f58359088beade9f
aarch64 nginx-mod-http-perl-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.aarch64.rpm 051fae1027b8bb6db4acad3067e2b6df7a0f222549c66267c7aa15217250f9c4
aarch64 nginx-core-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.aarch64.rpm 1e2bc020c808fa3433ae7317be93d014df932fd511485fc20ef88c03ba034342
aarch64 nginx-mod-http-image-filter-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.aarch64.rpm 2f6ab1a46e916b21672073bc52aca11b7a1914bb27d1605f8e4958a156624088
aarch64 nginx-mod-devel-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.aarch64.rpm 6328b6749ab75ee2d2998cfdec7f5298d46c3a25c9a26b5e330d04040c659063
aarch64 nginx-mod-http-xslt-filter-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.aarch64.rpm 9a61f948688cb48ba9160618f739b83ab3e8dcef0389cde9a29284ef499d7859
aarch64 nginx-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.aarch64.rpm ccea70579a0135dcce90035814a832a3530f2095b458e5ecbf2ba69a23d9715c
aarch64 nginx-mod-stream-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.aarch64.rpm d025a0761a154e5a8466a088c4c6f2ff1c318f6fc8d2f9744320c4c93d23d8c4
noarch nginx-all-modules-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.noarch.rpm 88730ac825490f706a8a59483ef93af7b86d2fe28e8c2451a142029a8a963731
noarch nginx-filesystem-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.noarch.rpm a6fcef132f9a64e3040a525037819bab499ab63d692dfe6ac1589b0363351934
ppc64le nginx-mod-http-perl-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.ppc64le.rpm 42f5cf0e676ed7bd4f4d078a07ce29a754a55caa8846a04bc890480f15ef5aa0
ppc64le nginx-mod-http-xslt-filter-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.ppc64le.rpm 4b01598bd615ae5e2b0977d7e95e023e7b4491276d0b21c18de1ac9208d8b280
ppc64le nginx-mod-http-image-filter-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.ppc64le.rpm 54753520823ad01314cf3418ce121e591672e96c017c7effca0b2f46f374ff79
ppc64le nginx-core-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.ppc64le.rpm 57bc672a4de7e58440ba5683f92def403329cce626ef31e10ce7f239ad88dd15
ppc64le nginx-mod-devel-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.ppc64le.rpm 81f0dbc9891133dbcb6745c23edfadad7d7e565538ea954c2e28b4e82e4db5d9
ppc64le nginx-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.ppc64le.rpm 9924d14b37575cc6e0ab4281ddcf0306563351495a38f2a87c3f18caa40463c8
ppc64le nginx-mod-stream-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.ppc64le.rpm b6781392da28f8f9b6b3d8a327c7860a3ee819ef404492088774e8eb7607ffae
ppc64le nginx-mod-mail-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.ppc64le.rpm dff7bc50be244f929a3d6353a48b103b34a5bde44c6e455a24387443863ca8bd
s390x nginx-mod-http-xslt-filter-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.s390x.rpm 0b322fec9b046307af8a0dbd7f61df67c527a25893acdafdd82e39ce05e79a23
s390x nginx-mod-mail-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.s390x.rpm 7fd324bfb59b4b0763f8b873dd74f07354a166ddcf159f323f87d4402760d134
s390x nginx-core-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.s390x.rpm 800c979244408f0794faaaaacc5733b5985398a0bc9844ebe54fcec082f3b49c
s390x nginx-mod-stream-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.s390x.rpm a34cab73e5493eb6d476a71dd5087e96ba5328123b61161d4eaa74ed6d6e69a2
s390x nginx-mod-http-image-filter-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.s390x.rpm af8d78091f69dae792ff527df563caad528598d0250816f0068f93c829903931
s390x nginx-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.s390x.rpm e0b9d41668dfba3f3b7298fa2785cc1cec7c11dbbfdd7d83f1feb06573228249
s390x nginx-mod-devel-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.s390x.rpm e0e146b6ab645c5e5142e70c658bc33f159cf8bc8317f917ed4cf72ab3332bfa
s390x nginx-mod-http-perl-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.s390x.rpm ea137c516e40076dcecd00c9468ae6990aaccf6b11a3ee395dfccd9e2ec26c9e
x86_64 nginx-mod-http-xslt-filter-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.x86_64.rpm 070ed1fd4d7d1fb5c70db9102c4aea0ae1037324399e12812768eef79f12f145
x86_64 nginx-mod-mail-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.x86_64.rpm 3754299720ceca0e75c6a37e31efef8dabeb82165497da33d5f2e5e11fa1b483
x86_64 nginx-mod-http-perl-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.x86_64.rpm 3fe19a3a728ede0de4a0162fdc6cfd4938ecb1fd6428b118c9dff83e647ccd76
x86_64 nginx-mod-http-image-filter-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.x86_64.rpm 82a8965b2803997c3299a69f70f012061471496f4f17cab72112feaf62d7f351
x86_64 nginx-mod-stream-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.x86_64.rpm a692a4ebf8f4db14b35b9f827b9d158887dda1fed26740bc95f01573d2cef045
x86_64 nginx-mod-devel-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.x86_64.rpm cc0e2d9b3a8c84ce1365de99efc6ce3d6cb91af53729a37c86f881a03ace2b66
x86_64 nginx-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.x86_64.rpm d0db7ca1b554b26a5afc24f1d186bc6bd61f3f2cbc1e81ebd784fac14f6c5c35
x86_64 nginx-core-1.26.3-9.module_el9.8.0+281+75d5e6d4.2.x86_64.rpm eed1dafe38aadf3ce2ba67190fb16026bd0b8847ffbc774ec7a0f3bf3c860f32
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.