- What: Security update for nginx:1.24 on Red Hat Enterprise Linux 9.4
- Impact: Addresses denial of service and code execution vulnerabilities
Red Hat Product Errata RHSA-2026:15943 - Security Advisory Issued: 2026-05-11 Updated: 2026-05-11 RHSA-2026:15943 - Security Advisory Overview Updated Packages Synopsis Important: nginx:1.24 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647) NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654) NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784) NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2449598 - CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files BZ - 2450776 - CVE-2026-27654 NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module BZ - 2450785 - CVE-2026-27784 NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file BZ - 2450791 - CVE-2026-27651 NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled CVEs CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-32647 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM nginx-1.24.0-1.module+el9.4.0+24260+3e6db809.4.src.rpm SHA-256: e94c65d1701c6743ae289d1576235787bd9782948fa0c019138a1c02f1ad838b x86_64 nginx-all-modules-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 1bb4cc188ba3042bce7f375265f7347831c28d5e9292168d171418cea469cae3 nginx-filesystem-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 6f41cdfc348d92cc417f060cff16bc2b6e64bec7b04296796895cb8c6c568774 nginx-all-modules-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 1bb4cc188ba3042bce7f375265f7347831c28d5e9292168d171418cea469cae3 nginx-filesystem-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 6f41cdfc348d92cc417f060cff16bc2b6e64bec7b04296796895cb8c6c568774 nginx-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 77bf4725f674ff2534e3024da93f7bdf4bb0462b8f10e6dce8b3e9a49dae2ade nginx-all-modules-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 1bb4cc188ba3042bce7f375265f7347831c28d5e9292168d171418cea469cae3 nginx-core-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 0362ce6a17aaff28b0b83aec6c2be96286df23019151df52c9705cfa97fb5fb8 nginx-core-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: eed6794c51dd14a4fb249bdd01fe3e0fa75a9564959d61266c5547fb9f1d13a9 nginx-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 29d47d36b16c63e44b124ba6b87adeab088b13e46c1191022df46368fe19aa48 nginx-debugsource-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: c65bcba0d7ab7769a4caebbf24ed6a3960f4dfd7494f77d20784814ec2480b21 nginx-filesystem-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 6f41cdfc348d92cc417f060cff16bc2b6e64bec7b04296796895cb8c6c568774 nginx-mod-devel-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 0a544f75623a9ca5485cb186f790773248a05fefb589d856039f98715d11951d nginx-mod-http-image-filter-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: bc494264b1d2bbe84328960d0daba019a1300f97648f39765aabeaf4016f2f9c nginx-mod-http-image-filter-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 4a9956518d12c140054f9ae7329d1ad38213472f0cb0bfdd7dae4a626ddc7a08 nginx-mod-http-perl-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: b3c454c6def773d60e3bda516375744ceeb7e30f76aa041115337b35d4dc7c52 nginx-mod-http-perl-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: f55ad793c137877b332d2eec805e42b01a8047c2f4a289fe461ba615981c0e29 nginx-mod-http-xslt-filter-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: ba8487dd0ab0939b3459061d7a1fb81de68e33a9e88ebf65c18033c85191ba76 nginx-mod-http-xslt-filter-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: e17fa6041e3e34b3f8f01dcc24fb9fad2c3fa032be0a11c1186bb4e4dbb1826c nginx-mod-mail-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: add8d494d29ce4088618c673395e7da473afc42bf7f77c10379857c43f0977cc nginx-mod-mail-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: e442c19f4d9ede38b24b1806d9e6a00a595a61219b51b494cb501deef46575cf nginx-mod-stream-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 72453e7f0343eabded943d83d8cddaaadf660695e05310610370866e7f9d6c88 nginx-mod-stream-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 8179bc76fbaa845da1d71853cf6effd187a00af29cae7f07fcff17c908c794e6 nginx-all-modules-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 1bb4cc188ba3042bce7f375265f7347831c28d5e9292168d171418cea469cae3 nginx-filesystem-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 6f41cdfc348d92cc417f060cff16bc2b6e64bec7b04296796895cb8c6c568774 Red Hat Enterprise Linux Server - AUS 9.4 SRPM nginx-1.24.0-1.module+el9.4.0+24260+3e6db809.4.src.rpm SHA-256: e94c65d1701c6743ae289d1576235787bd9782948fa0c019138a1c02f1ad838b x86_64 nginx-all-modules-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 1bb4cc188ba3042bce7f375265f7347831c28d5e9292168d171418cea469cae3 nginx-filesystem-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 6f41cdfc348d92cc417f060cff16bc2b6e64bec7b04296796895cb8c6c568774 nginx-all-modules-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 1bb4cc188ba3042bce7f375265f7347831c28d5e9292168d171418cea469cae3 nginx-filesystem-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 6f41cdfc348d92cc417f060cff16bc2b6e64bec7b04296796895cb8c6c568774 nginx-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 77bf4725f674ff2534e3024da93f7bdf4bb0462b8f10e6dce8b3e9a49dae2ade nginx-all-modules-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 1bb4cc188ba3042bce7f375265f7347831c28d5e9292168d171418cea469cae3 nginx-core-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 0362ce6a17aaff28b0b83aec6c2be96286df23019151df52c9705cfa97fb5fb8 nginx-core-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: eed6794c51dd14a4fb249bdd01fe3e0fa75a9564959d61266c5547fb9f1d13a9 nginx-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 29d47d36b16c63e44b124ba6b87adeab088b13e46c1191022df46368fe19aa48 nginx-debugsource-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: c65bcba0d7ab7769a4caebbf24ed6a3960f4dfd7494f77d20784814ec2480b21 nginx-filesystem-1.24.0-1.module+el9.4.0+24260+3e6db809.4.noarch.rpm SHA-256: 6f41cdfc348d92cc417f060cff16bc2b6e64bec7b04296796895cb8c6c568774 nginx-mod-devel-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 0a544f75623a9ca5485cb186f790773248a05fefb589d856039f98715d11951d nginx-mod-http-image-filter-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: bc494264b1d2bbe84328960d0daba019a1300f97648f39765aabeaf4016f2f9c nginx-mod-http-image-filter-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: 4a9956518d12c140054f9ae7329d1ad38213472f0cb0bfdd7dae4a626ddc7a08 nginx-mod-http-perl-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: b3c454c6def773d60e3bda516375744ceeb7e30f76aa041115337b35d4dc7c52 nginx-mod-http-perl-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: f55ad793c137877b332d2eec805e42b01a8047c2f4a289fe461ba615981c0e29 nginx-mod-http-xslt-filter-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: ba8487dd0ab0939b3459061d7a1fb81de68e33a9e88ebf65c18033c85191ba76 nginx-mod-http-xslt-filter-debuginfo-1.24.0-1.module+el9.4.0+24260+3e6db809.4.x86_64.rpm SHA-256: e17fa6041e3e34b3f8f01dcc24fb9fad2c3fa032be0a11c1186bb4e4dbb1826c nginx-mod-mail-1.24.0-1.module+el9.4.0+2