nginx-1.20.1-24.el9_7.3.ML.1
エラータID: AXSA:2026-640:03
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Update packages.
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
N/A
SRPMS
- nginx-1.20.1-24.el9_7.3.ML.1.src.rpm
MD5: 63e9ff05f8df9c91bd251bc7ebf638be
SHA-256: 89cf207d3fdbb6b2a07b995f0e6befa83cea4a6a4af232bfc5dbf5906163007d
Size: 1.08 MB
Asianux Server 9 for x86_64
- nginx-1.20.1-24.el9_7.3.ML.1.x86_64.rpm
MD5: f08283b3bd311f1844567db5c4bb651a
SHA-256: d1a77564bb85b8aa2b60cc0962b56e542f22c11ffb215ea60e41774753861d0a
Size: 37.05 kB - nginx-all-modules-1.20.1-24.el9_7.3.ML.1.noarch.rpm
MD5: 672225bf305499fb65b02a63dd716c31
SHA-256: 55da8d5b6ff8a80e0b11b3c6d28b7915b6ef6c2565402907649363b73b772d45
Size: 8.74 kB - nginx-core-1.20.1-24.el9_7.3.ML.1.x86_64.rpm
MD5: 52eefff06402f2f78cbd0f6420b82dd8
SHA-256: b2097626d6c4e68fa4aff22b5b706457d15bc5a61708946e9ff04650ff306302
Size: 573.15 kB - nginx-filesystem-1.20.1-24.el9_7.3.ML.1.noarch.rpm
MD5: 40ac7278505e6efe5603c7afacdc6824
SHA-256: 8e26de8a1d721e6e920fb087069a3d64cf4ef8f103c21ccc0d58356425bbd28c
Size: 10.31 kB - nginx-mod-devel-1.20.1-24.el9_7.3.ML.1.x86_64.rpm
MD5: a26cd6a42c648d150ce98445b273b7b8
SHA-256: 1929d561a1ed477940f570cc1999f1d6b1f23b5e168e6a5b1f5603a16f64fd27
Size: 835.56 kB - nginx-mod-http-image-filter-1.20.1-24.el9_7.3.ML.1.x86_64.rpm
MD5: 060d7ec932491d3fcfe6f0a7d6fa21db
SHA-256: 51b215f33b24ff83805f0ba4f073f14ef12e1a57fd4638dca7a84900c32e6bb5
Size: 20.42 kB - nginx-mod-http-perl-1.20.1-24.el9_7.3.ML.1.x86_64.rpm
MD5: 91a02eda106d6c3df0782a55f3a5e039
SHA-256: 8b0deef7e913d241cf5d5ce66cf552426289aaa4a041675a345eafa42f36eb3e
Size: 31.81 kB - nginx-mod-http-xslt-filter-1.20.1-24.el9_7.3.ML.1.x86_64.rpm
MD5: 8029169227b42f278bf369e5cda80068
SHA-256: e65a68c95724969d9d132841df2ca86be6d6370e8143d4dd2d574f6615b12ece
Size: 19.16 kB - nginx-mod-mail-1.20.1-24.el9_7.3.ML.1.x86_64.rpm
MD5: 41cd9000a1122291e41ca7b3ac28dcad
SHA-256: d78f27d4554aaeaa37539db787ff555a8efb430c2eb5e26506af9f63a228b417
Size: 52.78 kB - nginx-mod-stream-1.20.1-24.el9_7.3.ML.1.x86_64.rpm
MD5: ca79cf7de11ed10e27503330ae4c0283
SHA-256: 6fe43c34b1c0051b1a21be72d43cfeecd9d9d8df80449ba0cb013a394fe2adc6
Size: 78.01 kB