Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Fedora 44 nginx-mod-headers-more Critical DoS Fix 2026-4de4d247a0

fedora
Calendar Grey April 25, 2026
Dist Fedora Esm H88
Critical update for nginx-mod-headers-more in Fedora addressing multiple denial of service threats. Recommended actions inside.
nginx-mod-brotli: Rebuild for 1.28.3 nginx-mod-fancyindex: Rebuild for 1.28.3 nginx-mod-naxsi:

Summary

This module allows adding, setting, or clearing specified input/output headers.

This is an enhanced version of the standard headers module because it provides

more utilities like resetting or clearing "builtin headers" like Content-Type,

Content-Length, and Server.

Update Information:

nginx-mod-brotli: Rebuild for 1.28.3 nginx-mod-fancyindex: Rebuild for 1.28.3 nginx-mod-naxsi: Rebuild for 1.28.3 nginx-mod-headers-more: Rebuild for 1.28.3 nginx-mod-vts: Rebuild for 1.28.3 nginx-mod-modsecurity: Rebuild for 1.28.3 nginx: Update to 1.28.3 fixes CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651, CVE-2026-28753, CVE-2026-28755

Topics%20covered

Topics Covered

security advisory denial of service fedora update vulnerability nginx-mod-headers-more

Change Log

* Wed Mar 25 2026 Felix Kaechele - 0.39-7 - Rebuild for 1.28.3

References


[ 1 ] Bug #2372546 - Use `systemctl kill` in logrotate postrotate script https://bugzilla.redhat.com/show_bug.cgi?id=2372546 [ 2 ] Bug #2393382 - nginx-upgrade: Support custom PID and config file locations https://bugzilla.redhat.com/show_bug.cgi?id=2393382 [ 3 ] Bug #2413647 - The default server (i.e. _) is not the default server https://bugzilla.redhat.com/show_bug.cgi?id=2413647 [ 4 ] Bug #2445461 - RFE: please enable the geoip module https://bugzilla.redhat.com/show_bug.cgi?id=2445461 [ 5 ] Bug #2450834 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2450834 [ 6 ] Bug #2450837 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2450837 [ 7 ] Bug #2450838 - CVE-2026...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-4de4d247a0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nginx-mod-headers-more
Product: Fedora 44
Version: 0.39
Release: 7.fc44
URL: https://github.com/openresty/headers-more-nginx-module
Summary: This module allows adding, setting, or clearing specified input/output headers

Topics%20covered

Topics Covered

security advisory denial of service fedora update vulnerability nginx-mod-headers-more

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here