Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 615
Alerts This Week
Warning Icon 1 615

Fedora 44 Nginx 1.28.3 High DoS Vulnerabilities Fix 2026-4de4d247a0

fedora
Calendar Grey April 25, 2026
Dist Fedora Esm H88
Nginx 1.28.3 updates critical DoS issues. Upgrade Fedora 44 to enhance security against vulnerabilities.
nginx-mod-brotli: Rebuild for 1.28.3 nginx-mod-fancyindex: Rebuild for 1.28.3 nginx-mod-naxsi:

Summary

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and

IMAP protocols, with a strong focus on high concurrency, performance and low

memory usage.

Update Information:

nginx-mod-brotli: Rebuild for 1.28.3 nginx-mod-fancyindex: Rebuild for 1.28.3 nginx-mod-naxsi: Rebuild for 1.28.3 nginx-mod-headers-more: Rebuild for 1.28.3 nginx-mod-vts: Rebuild for 1.28.3 nginx-mod-modsecurity: Rebuild for 1.28.3 nginx: Update to 1.28.3 fixes CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651, CVE-2026-28753, CVE-2026-28755

Change Log

* Wed Mar 25 2026 Felix Kaechele - 2:1.28.3-1 - Update to 1.28.3 - fixes CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651, CVE-2026-28753, CVE-2026-28755 * Wed Mar 25 2026 Felix Kaechele - 2:1.28.2-9 - Spec file and macro cleanups - move some files into the packages that have the dependencies they rely on (e.g. systemd, logrotate are not present in nginx-core, so don't install files pertaining to them there) - remove unused LDFLAGS and DESTDIR overrides, for perl we patch the Makefile.PL already - use zlib-ng-devel dependency also in nginx-mod-devel - improve macro consistency - sync configure command in macros.nginxmods.in with main package * Wed Mar 25 2026 Felix Kaechele - 2:1.28.2-8 - Use systemctl kill in logrotate postrotate script * Wed Mar 25 2026 Felix Kaechele - 2:1.28.2-7 - Use file triggers to reload dynamic modules upon upgrade * Wed Mar 25 2026 Felix Kaechele - 2:1.28.2-6 - Rewrite nginx-upgrade to support instances * Wed Mar 25 2026 Felix Kaechele - 2:1.28.2-5 - Move modular configuration file include after default host - fixes rhbz#2413647 * Wed Mar 25 2026 Felix Kaechele - 2:1.28.2-4 - Fix RHEL 8 & 9 compatibility - Fix SSL passphrase dialog patch when used with OpenSSL < 3 (EL8 w/o EPEL) - Build now works with and without EPEL enabled * Wed Mar 25 2026 Felix Kaechele - 2:1.28.2-3 - Build GeoIP module by default on Fedora and EPEL8 - fixes rhbz#2445461 * Thu Mar 5 2026 Timothe Ravier - 2:1.28.2-2 - Move ABI 'Provides' to the core sub package

References


[ 1 ] Bug #2372546 - Use `systemctl kill` in logrotate postrotate script https://bugzilla.redhat.com/show_bug.cgi?id=2372546 [ 2 ] Bug #2393382 - nginx-upgrade: Support custom PID and config file locations https://bugzilla.redhat.com/show_bug.cgi?id=2393382 [ 3 ] Bug #2413647 - The default server (i.e. _) is not the default server https://bugzilla.redhat.com/show_bug.cgi?id=2413647 [ 4 ] Bug #2445461 - RFE: please enable the geoip module https://bugzilla.redhat.com/show_bug.cgi?id=2445461 [ 5 ] Bug #2450834 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2450834 [ 6 ] Bug #2450837 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2450837 [ 7 ] Bug #2450838 - CVE-2026-27651 nginx...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-4de4d247a0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nginx
Product: Fedora 44
Version: 1.28.3
Release: 1.fc44
Summary: A high performance web server and reverse proxy server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.