ALSA-2026:6923

[ALSA-2026:6923] Important: nginx:1.24 security update

Type:

security

Severity:

important

Release date:

2026-04-09

Description:

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.   

Security Fix(es):  

  * nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647)
  * NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654)
  * NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784)
  * NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nginx-mod-http-xslt-filter-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.aarch64.rpm	10df74652e9c0b0a54d56d4645eb8e6a68136ae0171e1791b7a3d79dd12745b5
aarch64	nginx-mod-stream-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.aarch64.rpm	2794efd7ff50cd9b662df861850d49794721b53a2dc9d990ed55858d7a4000e1
aarch64	nginx-core-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.aarch64.rpm	55ea75a471763134b13ffe6f35fc5b49a673c6686e4b526c050c085616837294
aarch64	nginx-mod-http-image-filter-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.aarch64.rpm	6a4fa5b26942cba7e3af95fc87ab681a473f2c08ef4b9e609a16fe4e76d6483f
aarch64	nginx-mod-devel-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.aarch64.rpm	b28d92b6a66bdb1efce53f3be8016dcff444b3ec168807357bfd0f105898b796
aarch64	nginx-mod-http-perl-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.aarch64.rpm	cab9ba600094c8080f160a9f731521c96122c84253b8487ef2fcf1820a2c5d53
aarch64	nginx-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.aarch64.rpm	cfe743eac9d81efa35ac592f4f3d26d70463155bb2db9c7c2382094c7030301b
aarch64	nginx-mod-mail-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.aarch64.rpm	f3e4c43668353c225677bf3d7ad4293dabe58e8bea0f9b87398177fd4d7f2c5d
noarch	nginx-all-modules-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.noarch.rpm	b799c8ef26d44cfd0262668c4eb7f4175b41eaa8627ceaeb3d6a091a41252c3b
noarch	nginx-filesystem-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.noarch.rpm	b8d466c7bada98dc15166388e2494cf943dacbd9983af9157f1b1745b862687c
ppc64le	nginx-mod-http-image-filter-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.ppc64le.rpm	1fb149b0826d8ed898f3e2bb7afbad7c0400edf90674ae8d213978076d421c00
ppc64le	nginx-mod-stream-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.ppc64le.rpm	5def9e73405e985cd75664f873a12516d241db35a60fe81bc9ab5b701aa9dba9
ppc64le	nginx-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.ppc64le.rpm	71721cea1e0558bd8646710ae7b6f4de0634e8676b028f2d4e4c9cdfb3e6f004
ppc64le	nginx-mod-devel-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.ppc64le.rpm	75df7809ba97d7d8b5c6efa33c73f6e6396dc9daa73e96629f3a3b3adc8d0779
ppc64le	nginx-mod-http-perl-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.ppc64le.rpm	b77213622fd7d7908f75aaf6138aef485ba0608ed21fc8f632c0678b07c90983
ppc64le	nginx-mod-mail-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.ppc64le.rpm	c36f9829e825ce5a91e1a026b1f081bdae175c0c2d40da75a90545de17942372
ppc64le	nginx-core-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.ppc64le.rpm	dadbbc123c2abdb38fe6c8b43459b124269d07bc1333b2953708262130467678
ppc64le	nginx-mod-http-xslt-filter-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.ppc64le.rpm	faee33d777bda290f28f6ef1232dec2d590a59df32bdf9d8e17829fe25c21354
s390x	nginx-mod-http-perl-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.s390x.rpm	2d2da32a8e1e9c10f830d9993ae1ed3f1b35ac5a10027c4f26dbdc2a1ec54bd5
s390x	nginx-mod-mail-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.s390x.rpm	4e67e3d580bf818bdade5f26c7e31872d0d02d577e53ee9343020fedf707cd2d
s390x	nginx-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.s390x.rpm	55beee2e8d717a1a53e8fe2c64665a3b1cdb353089e1eece81f9b8b3f8867584
s390x	nginx-mod-stream-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.s390x.rpm	589cee8f743d3191be9ee3dc5d5a7041b46658cb64b2f1a5ab57e8014399c123
s390x	nginx-core-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.s390x.rpm	6055974a1075c2cf87725048814ec1fbd3ecb24113f72a4bf00cf6e3819df8a8
s390x	nginx-mod-devel-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.s390x.rpm	7dc63337c579f44718c46fac3a9dc7b2898959667935dee57d10230f6d63b27f
s390x	nginx-mod-http-xslt-filter-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.s390x.rpm	9cc311b49d9c94a9bd09237df831207622485892bfce33e0b0352b8f54bae84f
s390x	nginx-mod-http-image-filter-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.s390x.rpm	fa6f658812972a23dd66637b3b97dcac99b96d48e5cee9f9f4804994bb75483b
x86_64	nginx-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.x86_64.rpm	0549ad427a9671da3f7f7f4a71d681029dbc9b055dcb5f2f8e9f6eed6ec758a8
x86_64	nginx-mod-mail-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.x86_64.rpm	3fef7dad5ea1a4a2d167646bb7c4e0349aa040112ba294a3fe91da231064c1ba
x86_64	nginx-mod-http-image-filter-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.x86_64.rpm	7bf22a5444aff1f66838a95615bfa2e0d5369f7a339afcac64c88e630da52899
x86_64	nginx-mod-stream-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.x86_64.rpm	7d5f17e243a921127a9c04bbba7d6538df7954ed17b15df5e63aa56013ed1e04
x86_64	nginx-core-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.x86_64.rpm	b70c85550ac0ac6b9e84a6cdc9e2d116016f439a30ef7d03740add7982674320
x86_64	nginx-mod-devel-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.x86_64.rpm	ce83fe90586a91479c1358b38da65f8727a739b9c66635d00db94a59be0f5f6b
x86_64	nginx-mod-http-xslt-filter-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.x86_64.rpm	ebdd218c876d3a3c1b463019d9b109e218782db23c314945d46b60a770ced03b
x86_64	nginx-mod-http-perl-1.24.0-5.module_el9.7.0+220+47ec8b91.2.alma.1.x86_64.rpm	f0c2305de906903691c04273debf99cc3ddc676e9caad97eee6aebb1330d8a3c

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.