Alerts This Week
Warning Icon 1 717
Alerts This Week
Warning Icon 1 717

Fedora 42: nginx-mod-headers-more Critical Data Exposure CVE-2025-53860

fedora
Calendar Grey January 4, 2026
Dist Fedora Esm H88
Critical update for Fedora 42 addressing nginx memory disclosure risk under certain authentication conditions.
Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might ...

Summary

This module allows adding, setting, or clearing specified input/output headers.

This is an enhanced version of the standard headers module because it provides

more utilities like resetting or clearing "builtin headers" like Content-Type,

Content-Length, and Server.

Update Information:

Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might cause worker process memory disclosure to the authentication server (CVE-2025-53859). *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive and "proxy_pass" with a URI were used. *) Bugfix: in handling "Host" and ":authority" header lines with equal values when using HTTP/2; the bug had appeared in 1.17.9. *) Bugfix: in handling "Host" header lines with a port when using HTTP/3. *) Bugfix: an XCLIENT command didn't use the xtext encoding. Thanks to Igor Morgenstern of Aisle Research. *) Bugfix: in SSL certificate caching during reconfiguration. *) Bugfix: in delta-seconds processing in the "Cache-Control" backend response header line. *) Change: the native nginx/Windows binary release is now ...

Topics%20covered

Topics Covered

security advisory fedora important authentication memory disclosure nginx-mod-headers-more

Change Log

* Fri Dec 26 2025 Felix Kaechele - 0.39-4 - Rebuild for 1.28.1 * Thu Jul 24 2025 Fedora Release Engineering - 0.39-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References

Fedora Update Notification FEDORA-2025-8caa129b2e 2026-01-04 01:00:12.006176+00:00 Name : nginx-mod-headers-more Product : Fedora 42 Version : 0.39 Release : 4.fc42 URL : https://github.com/openresty/headers-more-nginx-module Summary : This module allows adding, setting, or clearing specified input/output headers Description : This module allows adding, setting, or clearing specified input/output headers. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8caa129b2e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: nginx-mod-headers-more
Product: Fedora 42
Version: 0.39
Release: 4.fc42
URL: https://github.com/openresty/headers-more-nginx-module
Summary: This module allows adding, setting, or clearing specified input/output headers

Topics%20covered

Topics Covered

security advisory fedora important authentication memory disclosure nginx-mod-headers-more

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here