Updated nginx packages fix security vulnerabilities
Publication date: 07 May 2026Modification date: 07 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-27654 , CVE-2026-27784 , CVE-2026-32647 , CVE-2026-27651 , CVE-2026-28753 , CVE-2026-28755
Description
Buffer overflow in ngx_http_dav_module (CVE-2026-27654)
Buffer overflow in the ngx_http_mp4_module (CVE-2026-27784)
Buffer overflow in the ngx_http_mp4_module (CVE-2026-32647)
NULL pointer dereference while using CRAM-MD5 or APOP (CVE-2026-27651)
Injection in auth_http and XCLIENT (CVE-2026-28753)
OCSP result bypass in stream (CVE-2026-28755)
References
- https://bugs.mageia.org/show_bug.cgi?id=35280
- https://www.openwall.com/lists/oss-security/2026/03/26/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27654
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27784
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32647
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27651
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28753
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28755
SRPMS
9/core
- nginx-1.29.7-1.mga9