Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 73 articles for you...
100
security advisorybuffer overflowSuSESUSE nginx Important Memory Overread Buffer Overflow Vuln 2026-1761-1
An update that solves four vulnerabilities can now be installed.. # Security update for nginx Announcement ID: SUSE-SU-2026:1761-1 Release Date: 2026-05-08T08:58:17Z Rating: important References: * bsc#1257675 * bsc#1260416 * bsc#1260417 * bsc#1260418 Cross-References: * CVE-2026-1642 * CVE-2026-27654 * CVE-2026-27784 * CVE-2026-28753 CVSS scores: * CVE-2026-1642 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1642 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-1642 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1642 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-27654 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-27654 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-27654 ( NVD ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27654 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-27784 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-27784 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27784 ( NVD ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27784 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27784 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28753 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-28753 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-28753 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-28753 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves four vulnerabilities can now be installed. ## Description: This update for nginx fixes the following issues: * CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack (bsc#1257675). * CVE-2026-27654: buffer overflow in the NGINX worker process via the `ngx_http_dav_module` module (bsc#1260416). * CVE-2026-27784: NGINX worker memory overread or overwrite via a specially crafted MP4 file (bsc#1260417). * CVE-2026-28753: arbitrary header injection into SMTP upstream requests via attacker-controlled DNS server (bsc#1260418). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1761=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1761=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patchSUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1761=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1761=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * nginx-debugsource-1.21.5-150600.10.15.1 * nginx-debuginfo-1.21.5-150600.10.15.1 * nginx-1.21.5-150600.10.15.1 * openSUSE Leap 15.6 (noarch) * nginx-source-1.21.5-150600.10.15.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * nginx-debugsource-1.21.5-150600.10.15.1 * nginx-debuginfo-1.21.5-150600.10.15.1 * nginx-1.21.5-150600.10.15.1 * Server Applications Module 15-SP7 (noarch) * nginx-source-1.21.5-150600.10.15.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * nginx-debugsource-1.21.5-150600.10.15.1 * nginx-debuginfo-1.21.5-150600.10.15.1 * nginx-1.21.5-150600.10.15.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * nginx-source-1.21.5-150600.10.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * nginx-debugsource-1.21.5-150600.10.15.1 * nginx-debuginfo-1.21.5-150600.10.15.1 * nginx-1.21.5-150600.10.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * nginx-source-1.21.5-150600.10.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1642.html * https://www.suse.com/security/cve/CVE-2026-27654.html * https://www.suse.com/security/cve/CVE-2026-27784.html * https://www.suse.com/security/cve/CVE-2026-28753.html * https://bugzilla.suse.com/show_bug.cgi?id=1257675 * https://bugzilla.suse.com/show_bug.cgi?id=1260416 * https://bugzilla.suse.com/show_bug.cgi?id=1260417 * https://bugzilla.suse.com/show_bug.cgi?id=1260418 . Critical update released for nginx on SUSE fixes four security issues including buffer overflow and data injection.. SUSE nginx security patch important vulnerabilities buffer overflow. . Severity: Important. LinuxSecurity.com Team
May 08, 2026
•Important
SuSE
219
security advisorymoderateimportantSummit OS 6.1 nginx Patch Release RLSB-2041-9933 CVE-2041-2031
Moderate: nginx:1.24 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5581", "synopsis": "Moderate: nginx:1.24 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for module.nginx, nginx.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2436738", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2436738", "description": ""}], "cves": [{"name": "CVE-2026-1642", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-1642", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-349"}], "references": [], "publishedAt": "2026-04-07T00:01:14.755526Z", "rpms": {"Rocky Linux 8": {"nvras": ["nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.src.rpm", "nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-all-modules-1:1.24.0-2.module+el8.10.0+40137+188e04f4.noarch.rpm", "nginx-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-debugsource-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-debugsource-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm","nginx-filesystem-1:1.24.0-2.module+el8.10.0+40137+188e04f4.noarch.rpm", "nginx-mod-devel-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-devel-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-image-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-image-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-image-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-image-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-perl-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-perl-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-perl-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-perl-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-xslt-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-xslt-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-xslt-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-xslt-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-mail-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-mail-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-mail-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-mail-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-stream-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-stream-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-stream-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-stream-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate nginx security update for Rocky Linux 8 against potential data injection attacks. Keep your system secure..nginx security update, Rocky Linux 8, data injection, security advisories. . LinuxSecurity.com Team
Apr 07, 2026
Rocky Linux
219
security advisorymoderatenginxRocky Linux 8 nginx Notification RLSA-2026-5582 for CVE-2026-1643 flaw
Moderate: nginx:1.24 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5581", "synopsis": "Moderate: nginx:1.24 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for module.nginx, nginx.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2436738", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2436738", "description": ""}], "cves": [{"name": "CVE-2026-1642", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-1642", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-349"}], "references": [], "publishedAt": "2026-04-07T00:01:14.755526Z", "rpms": {"Rocky Linux 8": {"nvras": ["nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.src.rpm", "nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-all-modules-1:1.24.0-2.module+el8.10.0+40137+188e04f4.noarch.rpm", "nginx-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-debugsource-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-debugsource-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm","nginx-filesystem-1:1.24.0-2.module+el8.10.0+40137+188e04f4.noarch.rpm", "nginx-mod-devel-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-devel-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-image-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-image-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-image-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-image-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-perl-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-perl-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-perl-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-perl-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-xslt-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-xslt-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-xslt-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-xslt-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-mail-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-mail-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-mail-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-mail-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-stream-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-stream-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-stream-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-stream-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical nginx update for Rocky Linux fixes moderate TLS data injection risk. Immediate updates recommended to secureyour environment.. nginx security update, Rocky Linux advisory, TLS data injection. . LinuxSecurity.com Team
Apr 07, 2026
Rocky Linux
219
security advisorymoderatenginxEssential Security Patch RLSB-2026-5420 for Ubuntu Server 20 with Nginx
Moderate: nginx:1.24 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5581", "synopsis": "Moderate: nginx:1.24 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for module.nginx, nginx.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2436738", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2436738", "description": ""}], "cves": [{"name": "CVE-2026-1642", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-1642", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-349"}], "references": [], "publishedAt": "2026-04-07T00:01:14.755526Z", "rpms": {"Rocky Linux 8": {"nvras": ["nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.src.rpm", "nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-all-modules-1:1.24.0-2.module+el8.10.0+40137+188e04f4.noarch.rpm", "nginx-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-debugsource-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-debugsource-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm","nginx-filesystem-1:1.24.0-2.module+el8.10.0+40137+188e04f4.noarch.rpm", "nginx-mod-devel-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-devel-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-image-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-image-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-image-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-image-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-perl-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-perl-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-perl-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-perl-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-xslt-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-xslt-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-xslt-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-xslt-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-mail-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-mail-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-mail-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-mail-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-stream-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-stream-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-stream-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-stream-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update available for nginx on Rocky Linux 8 addressing moderate security issue; mitigate data injection riskseffectively.. nginx security update, Rocky Linux 8, data injection issue. . LinuxSecurity.com Team
Apr 07, 2026
Rocky Linux
219
security advisorymoderatenginxRocky Linux 8 nginx Moderate Risk SQL Injection Flaw RLSA-2026-5600
Moderate: nginx:1.24 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5581", "synopsis": "Moderate: nginx:1.24 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for module.nginx, nginx.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2436738", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2436738", "description": ""}], "cves": [{"name": "CVE-2026-1642", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-1642", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-349"}], "references": [], "publishedAt": "2026-04-07T00:01:14.755526Z", "rpms": {"Rocky Linux 8": {"nvras": ["nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.src.rpm", "nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-all-modules-1:1.24.0-2.module+el8.10.0+40137+188e04f4.noarch.rpm", "nginx-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-debugsource-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-debugsource-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm","nginx-filesystem-1:1.24.0-2.module+el8.10.0+40137+188e04f4.noarch.rpm", "nginx-mod-devel-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-devel-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-image-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-image-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-image-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-image-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-perl-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-perl-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-perl-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-perl-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-xslt-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-xslt-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-xslt-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-xslt-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-mail-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-mail-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-mail-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-mail-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-stream-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-stream-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-stream-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-stream-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical security update for nginx on Rocky Linux with a moderate severity regarding data injection risks.. RockyLinux Security Update, nginx TLS Vulnerability, Moderate Security Advisory, nginx Data Injection Issue. . LinuxSecurity.com Team
Apr 07, 2026
Rocky Linux
219
security advisorymoderatenginxRocky Linux 8 RLSA-2026-5593 apache High Risk Vulnerability Detected
Moderate: nginx:1.24 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5581", "synopsis": "Moderate: nginx:1.24 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for module.nginx, nginx.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2436738", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2436738", "description": ""}], "cves": [{"name": "CVE-2026-1642", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-349"}], "references": [], "publishedAt": "2026-04-07T00:01:14.755526Z", "rpms": {"Rocky Linux 8": {"nvras": ["nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.src.rpm", "nginx-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-all-modules-1:1.24.0-2.module+el8.10.0+40137+188e04f4.noarch.rpm", "nginx-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-debugsource-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-debugsource-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm","nginx-filesystem-1:1.24.0-2.module+el8.10.0+40137+188e04f4.noarch.rpm", "nginx-mod-devel-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-devel-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-image-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-image-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-image-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-image-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-perl-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-perl-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-perl-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-perl-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-xslt-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-xslt-filter-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-http-xslt-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-http-xslt-filter-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-mail-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-mail-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-mail-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-mail-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-stream-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-stream-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm", "nginx-mod-stream-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.aarch64.rpm", "nginx-mod-stream-debuginfo-1:1.24.0-2.module+el8.10.0+40137+188e04f4.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate nginx:1.24 security update addressing data injection risks on Rocky Linux 8. Important fixes available now..nginx security, Rocky Linux nginx update, TLS proxied connections fix. . LinuxSecurity.com Team
Apr 07, 2026
Rocky Linux
202
security advisorymoderateSuSEopenSUSE Leap 15.4 redis Moderate Vulnerability Patch SUSE-2026-1122-1
An update that has one security fix can now be installed.. # Security update for redis Announcement ID: SUSE-SU-2026:1122-1 Release Date: 2026-03-27T14:21:13Z Rating: moderate References: * bsc#1258706 Affected Products: * openSUSE Leap 15.4 An update that has one security fix can now be installed. ## Description: This update for redis fixes the following issue: * a user can manipulate data read by a connection by injecting sequences into a Redis error reply (bsc#1258706). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1122=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * redis-debuginfo-6.2.6-150400.3.43.1 * redis-debugsource-6.2.6-150400.3.43.1 * redis-6.2.6-150400.3.43.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1258706 . Update for openSUSE fixes moderate issue in redis, addressing data manipulation risks. Install via zypper for safety.. openSUSE Redis security patch. . LinuxSecurity.com Team
Mar 27, 2026
OpenSUSE
219
security advisorymoderatenginxRocky Linux 10 RLSA-2026-4811 httpd Major Security Vulnerability Notice
Moderate: nginx security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:4705", "synopsis": "Moderate: nginx security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for nginx.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2436738", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2436738", "description": ""}], "cves": [{"name": "CVE-2026-1642", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-349"}], "references": [], "publishedAt": "2026-03-27T12:07:50.770013Z", "rpms": {"Rocky Linux 10": {"nvras": ["nginx-core-debuginfo-2:1.26.3-2.el10_1.s390x.rpm", "nginx-mod-stream-debuginfo-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-stream-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-mod-http-xslt-filter-debuginfo-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-2:1.26.3-2.el10_1.s390x.rpm", "nginx-mod-http-perl-debuginfo-2:1.26.3-2.el10_1.s390x.rpm", "nginx-mod-stream-debuginfo-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-http-image-filter-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-mod-devel-2:1.26.3-2.el10_1.s390x.rpm", "nginx-2:1.26.3-2.el10_1.src.rpm","nginx-mod-mail-debuginfo-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-mail-debuginfo-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-mod-mail-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-http-xslt-filter-debuginfo-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-stream-2:1.26.3-2.el10_1.s390x.rpm", "nginx-core-debuginfo-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-http-xslt-filter-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-stream-debuginfo-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-core-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-mod-http-xslt-filter-2:1.26.3-2.el10_1.s390x.rpm", "nginx-mod-http-xslt-filter-debuginfo-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-http-image-filter-debuginfo-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-http-perl-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-http-image-filter-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-stream-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-http-perl-debuginfo-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-http-image-filter-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-debugsource-2:1.26.3-2.el10_1.s390x.rpm", "nginx-mod-http-image-filter-debuginfo-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-core-debuginfo-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-devel-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-mail-debuginfo-2:1.26.3-2.el10_1.s390x.rpm", "nginx-filesystem-2:1.26.3-2.el10_1.noarch.rpm", "nginx-core-debuginfo-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-debugsource-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-mod-http-image-filter-debuginfo-2:1.26.3-2.el10_1.s390x.rpm", "nginx-debuginfo-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-http-image-filter-2:1.26.3-2.el10_1.s390x.rpm", "nginx-mod-mail-2:1.26.3-2.el10_1.s390x.rpm", "nginx-core-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-mail-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-mod-http-image-filter-debuginfo-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-stream-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-http-xslt-filter-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-http-perl-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-debuginfo-2:1.26.3-2.el10_1.ppc64le.rpm","nginx-mod-mail-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-core-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-http-xslt-filter-debuginfo-2:1.26.3-2.el10_1.s390x.rpm", "nginx-mod-devel-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-debuginfo-2:1.26.3-2.el10_1.s390x.rpm", "nginx-mod-mail-debuginfo-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-all-modules-2:1.26.3-2.el10_1.noarch.rpm", "nginx-mod-http-perl-2:1.26.3-2.el10_1.s390x.rpm", "nginx-mod-http-perl-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-debuginfo-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-devel-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-debugsource-2:1.26.3-2.el10_1.aarch64.rpm", "nginx-mod-http-perl-debuginfo-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-mod-stream-debuginfo-2:1.26.3-2.el10_1.s390x.rpm", "nginx-debugsource-2:1.26.3-2.el10_1.x86_64.rpm", "nginx-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-mod-http-perl-debuginfo-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-mod-http-xslt-filter-2:1.26.3-2.el10_1.ppc64le.rpm", "nginx-core-2:1.26.3-2.el10_1.s390x.rpm", "nginx-2:1.26.3-2.el10_1.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate nginx security update available for Rocky Linux 10, addressing data injection via man-in-the-middle on TLS proxied connections.. Rocky Linux Nginx Security Update TLS Injection CVSS. . LinuxSecurity.com Team
Mar 27, 2026
Rocky Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!