Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 43: Nginx Important Memory Disclosure CVE-2025-53859

fedora
Calendar Grey January 3, 2026
Dist Fedora Esm H88
Nginx 1.28.1 on Fedora 43 addresses a critical memory disclosure flaw classed as important. Update advised.
Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might ...

Summary

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and

IMAP protocols, with a strong focus on high concurrency, performance and low

memory usage.

Update Information:

Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might cause worker process memory disclosure to the authentication server (CVE-2025-53859). *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive and "proxy_pass" with a URI were used. *) Bugfix: in handling "Host" and ":authority" header lines with equal values when using HTTP/2; the bug had appeared in 1.17.9. *) Bugfix: in handling "Host" header lines with a port when using HTTP/3. *) Bugfix: an XCLIENT command didn't use the xtext encoding. Thanks to Igor Morgenstern of Aisle Research. *) Bugfix: in SSL certificate caching during reconfiguration. *) Bugfix: in delta-seconds processing in the "Cache-Control" backend response header line. *) Change: the native nginx/Windows binary release is now built using W...

Topics%20covered

Topics Covered

security advisory fedora important authentication nginx memory disclosure

Change Log

* Wed Dec 24 2025 Felix Kaechele - 2:1.28.1-1 - update to 1.28.1 * Thu Nov 20 2025 Lubo\u0161 Uhliarik - 2:1.28.0-5 - Remove 50x.html from the nginx-core package * Tue Sep 16 2025 Lubo\u0161 Uhliarik - 2:1.28.0-4 - Add tmpfiles.d rules for /var directories (bootc compatibility)

References

Fedora Update Notification FEDORA-2025-8aa169ea14 2026-01-03 00:41:36.670931+00:00
Name : nginx Product : Fedora 43 Version : 1.28.1 Release : 1.fc43 URL : https://nginx.org Summary : A high performance web server and reverse proxy server Description : Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8aa169ea14' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: nginx
Product: Fedora 43
Version: 1.28.1
Release: 1.fc43
URL: https://nginx.org
Summary: A high performance web server and reverse proxy server

Topics%20covered

Topics Covered

security advisory fedora important authentication nginx memory disclosure

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here