Ubuntu 25.10 nginx Important Denial of Service Vulnerabilities USN-8210-1
Apr 27, 2026
•
LinuxSecurity Advisories
2 - 3 min read
Topics Covered
Several security issues were fixed in nginx.
========================================================================== Ubuntu Security Notice USN-8210-1 April 27, 2026 nginx vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in nginx. Software Description: - nginx: small, powerful, scalable web/proxy server Details: It was discovered that the nginx ngx_mail_auth_http_module module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. (CVE-2026-27651) It was discovered that the nginx ngx_http_dav_module module incorrectly handled certain destination URIs. An attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify source or destination names outside of the document root. (CVE-2026-27654) It was discovered that the nginx ngx_http_mp4_module module incorrectly handled certain MP4 files. An attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-27784, CVE-2026-32647) It was discovered that the nginx ngx_mail_smtp_module module incorrectly handled certain CRLF sequences. An attacker could possibly use this issue to inject arbitrary SMTP headers. (CVE-2026-28753) It was discovered that the nginx ngx_stream_ssl_module module incorrectly handled revoked certificates. This could result in successful TLS handshakes even after an OCSP check identifies a certificate as revoked, contrary to expectations. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-28755) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 nginx 1.28.0-6ubuntu1.2 nginx-core 1.28.0-6ubuntu1.2 nginx-extras 1.28.0-6ubuntu1.2 nginx-full 1.28.0-6ubuntu1.2 nginx-light 1.28.0-6ubuntu1.2 Ubuntu 24.04 LTS nginx 1.24.0-2ubuntu7.7 nginx-core 1.24.0-2ubuntu7.7 nginx-extras 1.24.0-2ubuntu7.7 nginx-full 1.24.0-2ubuntu7.7 nginx-light 1.24.0-2ubuntu7.7 Ubuntu 22.04 LTS nginx 1.18.0-6ubuntu14.10 nginx-core 1.18.0-6ubuntu14.10 nginx-extras 1.18.0-6ubuntu14.10 nginx-full 1.18.0-6ubuntu14.10 nginx-light 1.18.0-6ubuntu14.10 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8210-1 CVE-2026-27651, CVE-2026-27654, CVE-2026-27784, CVE-2026-28753, CVE-2026-28755, CVE-2026-32647 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.28.0-6ubuntu1.2 https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.7 https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.10
PREVIOUS
NEXT
Ubuntu 25.10 nginx Important Denial of Service Vulnerabilities USN-8210-1
ubuntu
April 27, 2026
Several security issues were fixed in nginx.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in nginx. Software Description: - nginx: small, powerful, scalable web/proxy server Details: It was discovered that the nginx ngx_mail_auth_http_module module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. (CVE-2026-27651) It was discovered that the nginx ngx_http_dav_module module incorrectly handled certain destination URIs. An attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify source or destination names outside of the document root. (CVE-2026-27654) It was discovered that the nginx ngx_http_mp4_module module incorrectly handled certain MP4 files. An attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute ar...
Read the Full Advisory
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 nginx 1.28.0-6ubuntu1.2 nginx-core 1.28.0-6ubuntu1.2 nginx-extras 1.28.0-6ubuntu1.2 nginx-full 1.28.0-6ubuntu1.2 nginx-light 1.28.0-6ubuntu1.2 Ubuntu 24.04 LTS nginx 1.24.0-2ubuntu7.7 nginx-core 1.24.0-2ubuntu7.7 nginx-extras 1.24.0-2ubuntu7.7 nginx-full 1.24.0-2ubuntu7.7 nginx-light 1.24.0-2ubuntu7.7 Ubuntu 22.04 LTS nginx 1.18.0-6ubuntu14.10 nginx-core 1.18.0-6ubuntu14.10 nginx-extras 1.18.0-6ubuntu14.10 nginx-full 1.18.0-6ubuntu14.10 nginx-light 1.18.0-6ubuntu14.10 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8210-1
CVE-2026-27651, CVE-2026-27654, CVE-2026-27784, CVE-2026-28753,
CVE-2026-28755, CVE-2026-32647
Severity
important
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8210-1
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/nginx/1.28.0-6ubuntu1.2 https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.7 https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.10
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!