nginx:1.24 security update

エラータID: AXSA:2026-1164:01

Release date: 
Wednesday, July 1, 2026 - 18:13
Subject: 
nginx:1.24 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

* nginx: ngx_http_rewrite_module: code execution and denial of service (CVE-2026-9256)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-9256
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Modularity name: "nginx"
Stream name: "1.24"

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. nginx-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.src.rpm
    MD5: a7a246dab7ed6a265e535ef16495e6ea
    SHA-256: 5bf907d4b390fd714e8d9cf5d55e168a769b92f83338139bba8a54250be62555
    Size: 1.12 MB

Asianux Server 8 for x86_64
  1. nginx-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.x86_64.rpm
    MD5: 89c5fbbb2cce54dec2d35a33a618dd2d
    SHA-256: fd88740d4571b73e133cf2b26f2ea5ed30d87f9759b1d181aad48bcc5ea8c922
    Size: 600.45 kB
  2. nginx-all-modules-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.noarch.rpm
    MD5: 59bde6d00fe480d2cf33be3d67bb5c0a
    SHA-256: 1204b337b5aa937617cf39bb97d08d433d4c4b178a82efa3185ec8836dda7218
    Size: 25.58 kB
  3. nginx-debugsource-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.x86_64.rpm
    MD5: 5984253dc724c1ab1e1ad1d343be8837
    SHA-256: 12afcd6c5bba374bd61c3d71adb3f25e91cffd5e9c088b2824154ca3c1eb365e
    Size: 697.89 kB
  4. nginx-filesystem-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.noarch.rpm
    MD5: c38f82773eb848a298411e1a1d6284c6
    SHA-256: 4d316f1f1b69379d8f11b9a6004b72dcdc00c0fa4f8e6c284bb43f1d7555f019
    Size: 26.55 kB
  5. nginx-mod-devel-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.x86_64.rpm
    MD5: f47e8a3aca868d00352087a3a84b5fc2
    SHA-256: b48455316d882749dad00da06734f38031a8ff45a43ee7502d92c14787141a6a
    Size: 967.07 kB
  6. nginx-mod-http-image-filter-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.x86_64.rpm
    MD5: 0d0b59866d3b638a008d2cb8a4a6ac25
    SHA-256: 54e14960a70159637db960e362f7c6f66dbe146b8978d23571e6e74a5abd4f43
    Size: 36.98 kB
  7. nginx-mod-http-perl-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.x86_64.rpm
    MD5: fded45c91bdc337b0221920dd4c1c499
    SHA-256: 9ead2cd7dc8156c2d9d5edae78e05d05735ecad4e9179205c12d29a25c125f0a
    Size: 48.75 kB
  8. nginx-mod-http-xslt-filter-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.x86_64.rpm
    MD5: 706d087d6c10b2c89668daaded823f8f
    SHA-256: ba807a5df14b98b307b9eae968f528f860d5cb2f3fed783487fcfb463a4e4ac9
    Size: 35.61 kB
  9. nginx-mod-mail-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.x86_64.rpm
    MD5: ffc967d26e774139d0718aabae530c94
    SHA-256: 53b5ce525769422660e1bbcd077d08f426989cc7e7279c138bdf35b76c77fdf6
    Size: 69.25 kB
  10. nginx-mod-stream-1.24.0-3.module+el8+1997+105d7bbb.2.ML.1.x86_64.rpm
    MD5: df1e0a9a9f01275482698b7307b80cc3
    SHA-256: 401b29c7e3d26c6d8a72e20f3e2c8af79c442dcb2efc29c328876334a2c6b5ca
    Size: 96.23 kB