Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
🔗 CVE IDs covered (8)
📋 Description
CVE-2025-53859 — nginx: NGINX ngx_mail_smtp_module vulnerability CVE-2026-1642 — nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-27651 — NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled CVE-2026-27654 — NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module CVE-2026-27784 — NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file CVE-2026-28753 — NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests CVE-2026-28755 — NGINX: NGINX: Certificate revocation bypass when OCSP is enabled CVE-2026-32647 — nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2026:8346
- externalhttps://images.redhat.com/
- externalhttps://access.redhat.com/security/cve/CVE-2025-53859
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://access.redhat.com/security/cve/CVE-2026-27654
- externalhttps://access.redhat.com/security/cve/CVE-2026-27784
- externalhttps://access.redhat.com/security/cve/CVE-2026-28755
- externalhttps://access.redhat.com/security/cve/CVE-2026-28753
- externalhttps://access.redhat.com/security/cve/CVE-2026-27651
- externalhttps://access.redhat.com/security/cve/CVE-2026-32647
- externalhttps://access.redhat.com/security/cve/CVE-2026-1642
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8346.json