Oracle Linux Security Advisory ELSA-2026-5581 http://linux.oracle.com/errata/ELSA-2026-5581.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nginx-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm nginx-all-modules-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.noarch.rpm nginx-filesystem-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.noarch.rpm nginx-mod-devel-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm nginx-mod-http-image-filter-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm nginx-mod-http-perl-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm nginx-mod-http-xslt-filter-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm nginx-mod-mail-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm nginx-mod-stream-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.x86_64.rpm aarch64: nginx-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm nginx-all-modules-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.noarch.rpm nginx-filesystem-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.noarch.rpm nginx-mod-devel-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm nginx-mod-http-image-filter-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm nginx-mod-http-perl-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm nginx-mod-http-xslt-filter-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm nginx-mod-mail-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm nginx-mod-stream-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/nginx-1.24.0-2.0.1.module+el8.10.0+90849+dcad285b.src.rpm Related CVEs: CVE-2026-1642 Description of changes: [1.24.0-2.0.1] - Remove Red Hat references [Orabug: 29498217] [1:1.24.0-2] - Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642) [1:1.24.0-1] - Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10 [1:1.22.1-2] - Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487) [1:1.22.1-1] - Resolves: #2112345 - nginx:1.22 for RHEL 8 - add stream_geoip_module and stream_realip_module - remove obsolete --with-ipv6 [1:1.20.1-1] - rebase to 1.20.1 (addressing CVE-2021-23017) [1:1.20.0-4] - add delaycompress to logrotate config (#2015243) [1:1.20.0-3] - Add -mod-devel subpackage for building external nginx modules (Neal Gompa) Resolves: #1991787 [1:1.20.0-2] - Resolves: #1991796 - build nginx with --with-compat [1:1.20.0-1] - new version 1.20.0 - Resolves: #1945671 - RFE: add nginx:1.20 module stream _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
