Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:03444-1

Опубликовано: 01 окт. 2025
Источник: suse-cvrf

Описание

Security update for nginx

This update for nginx fixes the following issues:

  • CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070).
  • CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851).

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP6
nginx-1.21.5-150600.10.12.1
nginx-source-1.21.5-150600.10.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP7
nginx-1.21.5-150600.10.12.1
nginx-source-1.21.5-150600.10.12.1
openSUSE Leap 15.6
nginx-1.21.5-150600.10.12.1
nginx-source-1.21.5-150600.10.12.1

Ссылки

Описание

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1
Ссылки

Описание

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1
Ссылки