Description of the patch:
This update for nginx fixes the following issues:
- CVE-2026-1642: plain text data injection into the response from an upstream proxied server (bsc#1257675).
- CVE-2026-27654: buffer overflow in the NGINX worker process via the
ngx_http_dav_module module (bsc#1260416).
- CVE-2026-27784: NGINX worker memory over-read or over-write via a specially crafted MP4 file (bsc#1260417).
- CVE-2026-28753: improper handling onf CRLF sequences in CRLF responses allows for arbitrary header injection into SMTP
upstream requests (bsc#1260418).
- CVE-2026-28755: TLS handshakes can succeed with revoked certificates due to improper handling of such certificates by
the
ngx_stream_ssl_module module (bsc#1260419).