Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: nginx-mod-brotli Important Memory Disclosure CVE-2025-53859

fedora
Calendar Grey January 4, 2026
Dist Fedora Esm H88
Security update for nginx-mod-brotli in Fedora 42 addresses memory disclosure risk when using none authentication.
Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might ...

Summary

NGINX module for Brotli compression.

Update Information:

Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might cause worker process memory disclosure to the authentication server (CVE-2025-53859). *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive and "proxy_pass" with a URI were used. *) Bugfix: in handling "Host" and ":authority" header lines with equal values when using HTTP/2; the bug had appeared in 1.17.9. *) Bugfix: in handling "Host" header lines with a port when using HTTP/3. *) Bugfix: an XCLIENT command didn't use the xtext encoding. Thanks to Igor Morgenstern of Aisle Research. *) Bugfix: in SSL certificate caching during reconfiguration. *) Bugfix: in delta-seconds processing in the "Cache-Control" backend response header line. *) Change: the native nginx/Windows binary release is now ...

Topics%20covered

Topics Covered

security advisory fedora important memory disclosure SMTP nginx-mod-brotli

Change Log

* Fri Dec 26 2025 Felix Kaechele - 1.0.0~rc-4 - Rebuild for 1.28.1 * Thu Jul 24 2025 Fedora Release Engineering - 1.0.0~rc-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References

Fedora Update Notification FEDORA-2025-8caa129b2e 2026-01-04 01:00:12.006176+00:00 Name : nginx-mod-brotli Product : Fedora 42 Version : 1.0.0~rc Release : 4.fc42 URL : https://github.com/google/ngx_brotli Summary : NGINX module for Brotli compression Description : NGINX module for Brotli compression.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8caa129b2e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: nginx-mod-brotli
Product: Fedora 42
Version: 1.0.0~rc
Release: 4.fc42
URL: https://github.com/google/ngx_brotli
Summary: NGINX module for Brotli compression

Topics%20covered

Topics Covered

security advisory fedora important memory disclosure SMTP nginx-mod-brotli

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here