Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE OpenSUSE nginx Important Security Update 2026-1953-1

suse
Calendar Grey May 18, 2026
Dist Suse Esm H88
Address important nginx security updates with critical fixes for multiple vulnerabilities now available for users.
An update that solves four vulnerabilities and has one security fix can now be installed.

Summary

## This update for nginx fixes the following issues Security issues: * CVE-2026-1642: plain text data injection into the response from an upstream proxied server (bsc#1257675). * CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module` module (bsc#1260416). * CVE-2026-27784: NGINX worker memory over-read or over-write via a specially crafted MP4 file (bsc#1260417). * CVE-2026-28753: improper handling onf CRLF sequences in DNS responses allows for arbitrary header injection into SMTP upstream requests (bsc#1260418). Non security issue: * nginx always runs into "timed out. Killing" on shutdown when there are long- running processes (bsc#1243502). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like

Topics%20covered

Topics Covered

security advisory security issue buffer overflow important nginx OpenSUSE

References

* bsc#1243502

* bsc#1257675

* bsc#1260416

* bsc#1260417

* bsc#1260418

Cross-

* CVE-2026-1642

* CVE-2026-27654

* CVE-2026-27784

* CVE-2026-28753

CVSS scores:

* CVE-2026-1642 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2026-1642 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2026-1642 ( NVD ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-1642 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2026-27654 ( SUSE ): 8.3

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1953-1
Release Date: 2026-05-18T07:53:53Z
Rating: important

Topics%20covered

Topics Covered

security advisory security issue buffer overflow important nginx OpenSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here