Multiple Nginx Versions Released with Security Updates
Severity: Medium (Score: 42.9)
Sources: launchpad.net
Keywords: variables, ngx_http_geoip, module, creates, values, depending, client
Summary
On June 1, 2026, multiple updates for Nginx were released, including versions 1.28.0-6ubuntu1.4 and 1.28.3-2ubuntu1.2. These updates address vulnerabilities in the ngx_http_geoip, ngx_http_image_filter, and ngx_http_perl modules, which can expose sensitive user data based on IP addresses. The updates also include enhancements to mail and stream proxy support. Users of affected Nginx versions are advised to upgrade to mitigate potential risks. The updates are crucial for maintaining the security of web and mail servers running Nginx. The specific vulnerabilities and their impacts were not detailed in the articles, but the updates are part of routine security maintenance.
Key Points:
- Nginx versions 1.28.0-6ubuntu1.4 and 1.28.3-2ubuntu1.2 released with security updates.
- Vulnerabilities in geoip, image_filter, and perl modules can expose user data.
- Users are urged to upgrade to the latest versions to ensure server security.
Detailed Analysis
**Impact** Multiple versions of Nginx, including 1.24.0-2ubuntu7.9, 1.28.0-6ubuntu1.4, and 1.28.3-2ubuntu1.2, have been released with security updates affecting web servers globally. Organizations relying on these versions for web and mail proxy services, particularly those using GeoIP, image_filter, Perl, XSLT, mail, and stream modules, are impacted. The updates are relevant to sectors dependent on high-performance web infrastructure, but no specific data breach or exploitation scope is detailed in the sources.
**Technical Details** The updates address vulnerabilities related to modules that handle client IP-based variables (GeoIP), image transformations, embedded Perl runtime, XML transformations (XSLT), mail proxying, and stream proxying. No explicit CVEs, attack vectors, malware, or IOCs are provided. The security improvements likely mitigate risks in the processing of client data and proxy services, affecting multiple layers of the kill chain, including initial access and lateral movement.
**Recommended Response** Apply the latest Nginx package updates immediately for versions 1.24.0-2ubuntu7.9, 1.28.0-6ubuntu1.4, and 1.28.3-2ubuntu1.2 to ensure patched modules are in use. Harden configurations related to GeoIP, image_filter, Perl, XSLT, mail, and stream modules by disabling unused features and reviewing access controls. Monitor network traffic for anomalies in mail and stream proxy operations. No specific IOCs or detection signatures are available from the current information.
Source articles (3)
- 1.28.3-2ubuntu1.2 — launchpad.net · 2026-06-01
  The ngx_http_geoip module creates variables with values depending on the client IP address, using the precompiled MaxMind databases. Those variables include country, region, city, latitude, longitud…
- 1.28.0-6ubuntu1.4 — launchpad.net · 2026-06-01
  The ngx_http_geoip module creates variables with values depending on the client IP address, using the precompiled MaxMind databases. Those variables include country, region, city, latitude, longitud…
- 1.24.0-2ubuntu7.9 — launchpad.net · 2026-06-01
  The ngx_http_geoip module creates variables with values depending on the client IP address, using the precompiled MaxMind databases. Those variables include country, region, city, latitude, longitud…
Timeline
- 2026-06-01 — Nginx updates released: Versions 1.28.0-6ubuntu1.4 and 1.28.3-2ubuntu1.2 were released to address vulnerabilities in various modules.
- 2026-06-01 — Security advisories issued: Advisories recommend upgrading to the latest Nginx versions to mitigate risks from vulnerabilities.