Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: nginx Critical Memory Disclosure CVE-2025-53859

fedora
Calendar Grey January 4, 2026
Dist Fedora Esm H88
Memory disclosure vulnerability in nginx on Fedora 42 requires urgent update. Learn more about the implications and patch instructions.
Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might ...

Summary

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and

IMAP protocols, with a strong focus on high concurrency, performance and low

memory usage.

Update Information:

Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might cause worker process memory disclosure to the authentication server (CVE-2025-53859). *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive and "proxy_pass" with a URI were used. *) Bugfix: in handling "Host" and ":authority" header lines with equal values when using HTTP/2; the bug had appeared in 1.17.9. *) Bugfix: in handling "Host" header lines with a port when using HTTP/3. *) Bugfix: an XCLIENT command didn't use the xtext encoding. Thanks to Igor Morgenstern of Aisle Research. *) Bugfix: in SSL certificate caching during reconfiguration. *) Bugfix: in delta-seconds processing in the "Cache-Control" backend response header line. *) Change: the native nginx/Windows binary release is now built using W...

Topics%20covered

Topics Covered

security advisory fedora critical authentication nginx memory disclosure

Change Log

* Wed Dec 24 2025 Felix Kaechele - 2:1.28.1-1 - update to 1.28.1 * Thu Nov 20 2025 Lubo\u0161 Uhliarik - 2:1.28.0-5 - Remove 50x.html from the nginx-core package * Tue Sep 16 2025 Lubo\u0161 Uhliarik - 2:1.28.0-4 - Add tmpfiles.d rules for /var directories (bootc compatibility) * Thu Jul 24 2025 Fedora Release Engineering - 2:1.28.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References

Fedora Update Notification FEDORA-2025-8caa129b2e 2026-01-04 01:00:12.006176+00:00
Name : nginx Product : Fedora 42 Version : 1.28.1 Release : 1.fc42 URL : https://nginx.org Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8caa129b2e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nginx
Product: Fedora 42
Version: 1.28.1
Release: 1.fc42
URL: https://nginx.org
Summary: A high performance web server and reverse proxy server

Topics%20covered

Topics Covered

security advisory fedora critical authentication nginx memory disclosure

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here