
Fedora 41: 2025-66ebd291f8 urgent: nginx Denial of Service vulnerability

fedora
February 15, 2025
Notice regarding Fedora 41 updates tackling nginx module vulnerabilities and TLS weaknesses.

Summary

The Fancy Index module makes possible the generation of file listings,
like the built-in autoindex module does, but adding a touch of style.
This is possible because the module allows a certain degree of
customization of the generated content:

* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add your own CSS style rules.
* Allow choosing to sort elements by name (default),
  modification time, or size; both ascending (default),
  or descending.

Update Information:

Changes with nginx 1.26.3 05 Feb 2025

*) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419).

*) Bugfix: in the ngx_http_mp4_module. Thanks to Nils Bars.

*) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng.

*) Bugfix: nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used.

*) Bugfix: nginx now ignores QUIC version negotiation packets from clients.

*) Bugfix: nginx could not be built on Solaris 10 and earlier with the ngx_http_v3_module.

*) Bugfixes in HTTP/3.
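The CVE-2025-23419 entry above involves a session being reused in a different virtual server than the one that enforces client certificates. As an added example (not from the advisory or the nginx project), this Python script lists TLS listeners in a configuration whose virtual servers differ in ssl_verify_client, so those hosts can be prioritised for the update. The sample config and function names are constructed; it assumes ssl_verify_client is set at server level and compares listen values textually.

```python
import re
from collections import defaultdict

# Constructed sample (not from the advisory): two virtual servers share
# port 443, but only one of them requires client certificates.
SAMPLE_CONF = """
http {
    server {
        listen 443 ssl;
        server_name public.example.test;
        location / { root /srv/public; }
    }
    server {
        listen 443 ssl;
        server_name admin.example.test;
        ssl_verify_client on;   # client certificates required here only
    }
    server {
        listen 8443 ssl;
        server_name api.example.test;
        ssl_verify_client on;
    }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def mixed_policy_sockets(conf):
    """Map each TLS listen value to its server names when ssl_verify_client differs."""
    conf = re.sub(r"#.*", "", conf)            # drop comments before matching
    groups = defaultdict(list)
    for body in server_blocks(conf):
        name = re.search(r"\bserver_name\s+([^;]+);", body)
        verify = re.search(r"\bssl_verify_client\s+(\w+)\s*;", body)
        policy = verify.group(1) if verify else "off"   # nginx default is off
        for listen in re.findall(r"\blisten\s+([^;]+);", body):
            if "ssl" in listen.split():
                label = name.group(1).strip() if name else "(unnamed)"
                groups[listen.split()[0]].append((label, policy))
    return {sock: sorted(n for n, _ in servers)
            for sock, servers in groups.items()
            if len({p for _, p in servers}) > 1}

if __name__ == "__main__":
    for sock, names in mixed_policy_sockets(SAMPLE_CONF).items():
        print(f"listen {sock}: client-cert policy differs across {names}")
```

A listener reported here is a configuration worth reviewing, not proof of exposure; settings inherited from the http block and included files are not followed.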

Change Log

* Thu Feb 6 2025 Felix Kaechele - 0.5.2-10
- Rebuild for nginx 1.26.3

* Fri Jan 17 2025 Fedora Release Engineering - 0.5.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

References


[ 1 ] Bug #2277663 - please switch to using systemd-sysusers to create the nginx user
https://bugzilla.redhat.com/show_bug.cgi?id=2277663

[ 2 ] Bug #2344198 - CVE-2025-23419 nginx: TLS Session Resumption Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2344198

Update Instructions

This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade --advisory FEDORA-2025-66ebd291f8'

at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: nginx-mod-fancyindex
Product: Fedora 41
Version: 0.5.2
Release: 10.fc41
Summary: Nginx FancyIndex module
