Several security issues were fixed in nginx.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that the nginx ngx_mail_auth_http_module module
incorrectly handled certain requests. An attacker could possibly use this
issue to cause nginx to crash, resulting in a denial of service.
(CVE-2026-27651)
It was discovered that the nginx ngx_http_dav_module module incorrectly
handled certain destination URIs. An attacker could use this issue to cause
nginx to crash, resulting in a denial of service, or possibly modify source
or destination names outside of the document root. (CVE-2026-27654)
It was discovered that the nginx ngx_http_mp4_module module incorrectly
handled certain MP4 files. An attacker could use this issue to cause nginx
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2026-27784, CVE-2026-32647)
It was discovered that the nginx ngx_mail_smtp_module module incorrectly
handled certain...
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 nginx 1.28.0-6ubuntu1.2 nginx-core 1.28.0-6ubuntu1.2 nginx-extras 1.28.0-6ubuntu1.2 nginx-full 1.28.0-6ubuntu1.2 nginx-light 1.28.0-6ubuntu1.2 Ubuntu 24.04 LTS nginx 1.24.0-2ubuntu7.7 nginx-core 1.24.0-2ubuntu7.7 nginx-extras 1.24.0-2ubuntu7.7 nginx-full 1.24.0-2ubuntu7.7 nginx-light 1.24.0-2ubuntu7.7 Ubuntu 22.04 LTS nginx 1.18.0-6ubuntu14.10 nginx-core 1.18.0-6ubuntu14.10 nginx-extras 1.18.0-6ubuntu14.10 nginx-full 1.18.0-6ubuntu14.10 nginx-light 1.18.0-6ubuntu14.10 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8210-1
CVE-2026-27651, CVE-2026-27654, CVE-2026-27784, CVE-2026-28753,
CVE-2026-28755, CVE-2026-32647
Get the latest Linux and open source security news straight to your inbox.