Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Oracle Nginx Important Buffer Overflow Fix Advisory ELSA-2026-36331

oracle
Calendar Grey July 14, 2026
Oracle Linux Logo Esm H88
Oracle Linux 9 updates address security issues in nginx, including fixes for buffer overflow and denial of service vulnerabilities.
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

[1.20.1-28.0.1.el9_8.4] - Reference oracle-indexhtml within Requires [Orabug: 33802044] - Remove Red Hat references [Orabug: 29498217] - Update upstream references [Orabug: 36579090] [2:1.20.1-28.4] - Resolves: RHEL-190800 - nginx: "HTTP/2 bomb" nginx fix breaks module ABI causing crashes - Resolves: RHEL-188418 - nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers (CVE-2026-42055) [2:1.20.1-28.3] - Resolves: RHEL-178684 - nginx: code execution and denial of service (CVE-2026-9256) - Resolves: RHEL-182553 - nginx: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack [2:1.20.1-28.2] - Resolves: RHEL-176232 - nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945) [2:1.20.1-28.1] - RHEL-159560 CVE-2026-27654 nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module - RHEL-159539 CVE-2026-27784 nginx: NGINX: Denial of Servic...

Read the Full Advisory

SRPMs

http://oss.oracle.com/ol9/SRPMS-updates/nginx-1.20.1-28.0.1.el9_8.4.src.rpm

x86_64

nginx-1.20.1-28.0.1.el9_8.4.x86_64.rpm nginx-all-modules-1.20.1-28.0.1.el9_8.4.noarch.rpm nginx-core-1.20.1-28.0.1.el9_8.4.x86_64.rpm nginx-filesystem-1.20.1-28.0.1.el9_8.4.noarch.rpm nginx-mod-devel-1.20.1-28.0.1.el9_8.4.x86_64.rpm nginx-mod-http-image-filter-1.20.1-28.0.1.el9_8.4.x86_64.rpm nginx-mod-http-perl-1.20.1-28.0.1.el9_8.4.x86_64.rpm nginx-mod-http-xslt-filter-1.20.1-28.0.1.el9_8.4.x86_64.rpm nginx-mod-mail-1.20.1-28.0.1.el9_8.4.x86_64.rpm nginx-mod-stream-1.20.1-28.0.1.el9_8.4.x86_64.rpm

aarch64

nginx-1.20.1-28.0.1.el9_8.4.aarch64.rpm nginx-all-modules-1.20.1-28.0.1.el9_8.4.noarch.rpm nginx-core-1.20.1-28.0.1.el9_8.4.aarch64.rpm nginx-filesystem-1.20.1-28.0.1.el9_8.4.noarch.rpm nginx-mod-devel-1.20.1-28.0.1.el9_8.4.aarch64.rpm nginx-mod-http-image-filter-1.20.1-28.0.1.el9_8.4.aarch64.rpm nginx-mod-http-perl-1.20.1-28.0.1.el9_8.4.aarch64.rpm nginx-mod-http-xslt-filter-1.20.1-28.0.1.el9_8.4.aarch64.rpm nginx-mod-mail-1.20.1-28.0.1.el9_8.4.aarch64.rpm nginx-mod-stream-1.20.1-28.0.1.el9_8.4.aarch64.rpm

Severity
important
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2026-42055

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.