nginx:1.22 security update

エラータID: AXSA:2026-703:01

リリース日: 
2026/05/21 Thursday - 17:28
題名: 
nginx:1.22 security update
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

nginx is a web and proxy server supporting HTTP and other protocols, with a
focus on high concurrency, performance, and low memory usage.

Security Fix(es):

nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Modularity name: "nginx"
Stream name: "1.22"

解決策: 

Update packages.

CVE: 
CVE-2026-42945
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. nginx-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.src.rpm
    MD5: d76e915a1b3e59e114e977377b5a7ba9
    SHA-256: 97c9c812c8fdaf64049f9b14a8a817d11f713e13f378768e7602158c5f193e11
    Size: 1.09 MB

Asianux Server 9 for x86_64
  1. nginx-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.x86_64.rpm
    MD5: a4bca4ae89eab67ef4fcbeb31712bda4
    SHA-256: 0ec0b3cc7aff40bbc75b2a651b37effed8eabf84d89eec65f2e05d14892ed53e
    Size: 40.37 kB
  2. nginx-all-modules-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.noarch.rpm
    MD5: 39a7db6a085b32a09a4a161cd75066c8
    SHA-256: 0f93d77a3694363b802a2843fbab87df44e235dd2ab260f3f067a83723162cd0
    Size: 7.45 kB
  3. nginx-core-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.x86_64.rpm
    MD5: a68747a5a6b6e8093d59ff796a1724bc
    SHA-256: 2be6d3acafe7e18b4729f023441ee2ae55c2df618f9e9f69a4b5abf6b7a7dd58
    Size: 577.28 kB
  4. nginx-debugsource-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.x86_64.rpm
    MD5: 1c3b3effa611a2d1e2397fadfc9875cf
    SHA-256: 5447405b9d5ebcd1c153a07ec40cc0f236f48b54b61dcea64aa1f7febff0fccc
    Size: 611.17 kB
  5. nginx-filesystem-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.noarch.rpm
    MD5: e8ba4e1a8b3a951bbacf66bb38cf0c08
    SHA-256: a1a927e32980c6d495060b8f543defc06250debb86d21768f294facfb1d1156f
    Size: 8.40 kB
  6. nginx-mod-devel-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.x86_64.rpm
    MD5: e385735d1da483ab541087db18f46aa7
    SHA-256: e40000fa364ae50c195bc81efcb9922a31bf8c99a6f549eec8f062009dc7f0cf
    Size: 842.06 kB
  7. nginx-mod-http-image-filter-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.x86_64.rpm
    MD5: f1dbbf83b46e04a079d529ad74a05538
    SHA-256: cfb85753e8af550f178ab4242ba03d187ad5125bb07e9cc0e7ffe53cdd765310
    Size: 19.05 kB
  8. nginx-mod-http-perl-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.x86_64.rpm
    MD5: 48457b090633164b7e5c46865e87736b
    SHA-256: 01c5512e650500926be1ba46fd5a5865b0860099cf75dfb75fabaafad0003067
    Size: 30.47 kB
  9. nginx-mod-http-xslt-filter-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.x86_64.rpm
    MD5: 0b98a29feae9765ca0b8501c9ba21a97
    SHA-256: 716de3f4a11d0196976388abc0f47dc5613d95fe13c6097492ce53db415fb680
    Size: 17.82 kB
  10. nginx-mod-mail-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.x86_64.rpm
    MD5: 08c7c790b2245b321672bd5d77227f80
    SHA-256: c6031f67a6e1ca62e87a65ed457df72b111be3b5d586f8da1797e3dc05bd781d
    Size: 52.59 kB
  11. nginx-mod-stream-1.22.1-8.module+el9+1152+bfd72286.1.ML.2.x86_64.rpm
    MD5: 24f6ca17a3611c370f7f46d21e2caeae
    SHA-256: cb5b8060ebc4b8d011ca220b65779c49624ce469497562f01db1e75931b38c21
    Size: 79.00 kB