nginx-1.20.1-28.el9_8.2.ML.1
エラータID: AXSA:2026-1233:04
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Update packages.
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
N/A
SRPMS
- nginx-1.20.1-28.el9_8.2.ML.1.src.rpm
MD5: 4e4627bae89c2c004bfa626907f7baec
SHA-256: d4e8e25657b902bd6eae74cd9757aa97b8e573fce71b67a462d33fe4a34f7f83
Size: 1.08 MB
Asianux Server 9 for x86_64
- nginx-1.20.1-28.el9_8.2.ML.1.x86_64.rpm
MD5: ce01e681fee35a072701e6cc31211762
SHA-256: 056bfa20786e38bcc7f6b1a342fd93ce401fecad0ef3b9d707075f71cbc6b4a0
Size: 37.15 kB - nginx-all-modules-1.20.1-28.el9_8.2.ML.1.noarch.rpm
MD5: 51abc5408daf5121ccd1981a396a84a7
SHA-256: e9eb1789d33e41dec05546f8bde5e6a191096ebf797aa5ba744be9d03e4de673
Size: 8.80 kB - nginx-core-1.20.1-28.el9_8.2.ML.1.x86_64.rpm
MD5: 27c7bb9643fc39022443d86d4ec7e899
SHA-256: 1fde2708ac9f2349b74c1702be1da85ad56d46675e6a470a0d0955a477ef96f4
Size: 573.76 kB - nginx-filesystem-1.20.1-28.el9_8.2.ML.1.noarch.rpm
MD5: c25cbbaf4b8e9cf5235173f7c2d48c79
SHA-256: 194f240e02aadda55dbf99c262463b6db4caca129258d6c62169808ae015723f
Size: 10.36 kB - nginx-mod-devel-1.20.1-28.el9_8.2.ML.1.x86_64.rpm
MD5: 29c4750bf2b48a1d363694287b428a8d
SHA-256: c417819a8c59be5c7743ef8024169dc4f7c51d2183aab161e6d5f60c929fd6c9
Size: 835.40 kB - nginx-mod-http-image-filter-1.20.1-28.el9_8.2.ML.1.x86_64.rpm
MD5: 2d05f78cdda9991ccc1577e917ff6721
SHA-256: 5159632945c4d56ffae429a9731aa7084bed11c32d23d14c7b741ad46c301d97
Size: 20.46 kB - nginx-mod-http-perl-1.20.1-28.el9_8.2.ML.1.x86_64.rpm
MD5: 0e0dc961cf081be3a625ef94fde7a259
SHA-256: 42f69850e6d76d16165dc5c93e1df648dceb48cab1b4d8c980f5f8fc3ff1e1a2
Size: 31.88 kB - nginx-mod-http-xslt-filter-1.20.1-28.el9_8.2.ML.1.x86_64.rpm
MD5: cf97d390765464778d7a17345ea8df95
SHA-256: 22a91aa5f896ceffb0425b8a0939d30fe20b01c5ddf8b7be977be03d86fcafbe
Size: 19.22 kB - nginx-mod-mail-1.20.1-28.el9_8.2.ML.1.x86_64.rpm
MD5: 09948075eb9e6a339e645ef8cd815e51
SHA-256: b24354ba171e04432f9cd11c0d3011db8bb4b0b1da53c4db6e35fcb9382c5940
Size: 52.86 kB - nginx-mod-stream-1.20.1-28.el9_8.2.ML.1.x86_64.rpm
MD5: 47a3640798ba2de6df0f7c670eb2986b
SHA-256: f0cd34cc2b9019059ef84290ed53857dcea87988ef926fbbcac2feb1e281342a
Size: 78.05 kB