Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

Fedora 44 Nginx ModSecurity Denial of Service and Memory Improvement Fix

fedora
Calendar Grey April 25, 2026
Dist Fedora Esm H88
Effective Fedora 44 nginx-mod-modsecurity security advisory covering key ModSecurity issues and threats.
nginx-mod-brotli: Rebuild for 1.28.3 nginx-mod-fancyindex: Rebuild for 1.28.3 nginx-mod-naxsi:

Summary

The ModSecurity-nginx connector is the connection point between nginx and

libmodsecurity (ModSecurity v3). Said another way, this project provides a

communication channel between nginx and libmodsecurity. This connector is

required to use LibModSecurity with nginx.

The ModSecurity-nginx connector takes the form of an nginx module. The module

simply serves as a layer of communication between nginx and ModSecurity

Update Information:

nginx-mod-brotli: Rebuild for 1.28.3 nginx-mod-fancyindex: Rebuild for 1.28.3 nginx-mod-naxsi: Rebuild for 1.28.3 nginx-mod-headers-more: Rebuild for 1.28.3 nginx-mod-vts: Rebuild for 1.28.3 nginx-mod-modsecurity: Rebuild for 1.28.3 nginx: Update to 1.28.3 fixes CVE-2026-27654, CVE-2026-27784, CVE-2026-32647, CVE-2026-27651, CVE-2026-28753, CVE-2026-28755

Topics%20covered

Topics Covered

security advisory denial of service fedora buffer overflow memory corruption nginx-mod-modsecurity

Change Log

* Wed Mar 25 2026 Felix Kaechele - 1.0.4-8 - Rebuild for 1.28.3

References


[ 1 ] Bug #2372546 - Use `systemctl kill` in logrotate postrotate script https://bugzilla.redhat.com/show_bug.cgi?id=2372546 [ 2 ] Bug #2393382 - nginx-upgrade: Support custom PID and config file locations https://bugzilla.redhat.com/show_bug.cgi?id=2393382 [ 3 ] Bug #2413647 - The default server (i.e. _) is not the default server https://bugzilla.redhat.com/show_bug.cgi?id=2413647 [ 4 ] Bug #2445461 - RFE: please enable the geoip module https://bugzilla.redhat.com/show_bug.cgi?id=2445461 [ 5 ] Bug #2450834 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2450834 [ 6 ] Bug #2450837 - CVE-2026-27651 nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2450837 [ 7 ] Bug #2450838 - CVE-2026...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-4de4d247a0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: nginx-mod-modsecurity
Product: Fedora 44
Version: 1.0.4
Release: 8.fc44
URL: https://github.com/SpiderLabs/ModSecurity-nginx
Summary: ModSecurity v3 nginx connector

Topics%20covered

Topics Covered

security advisory denial of service fedora buffer overflow memory corruption nginx-mod-modsecurity

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here