Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 43: nginx-mod-headers-more Critical Memory Disclosure CVE-2025-53859

fedora
Calendar Grey January 3, 2026
Dist Fedora Esm H88
Critical memory disclosure risk identified in nginx-mod-headers-more for Fedora 43 requires immediate update to mitigate security issues.
Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might ...

Summary

This module allows adding, setting, or clearing specified input/output headers.

This is an enhanced version of the standard headers module because it provides

more utilities like resetting or clearing "builtin headers" like Content-Type,

Content-Length, and Server.

Update Information:

Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might cause worker process memory disclosure to the authentication server (CVE-2025-53859). *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive and "proxy_pass" with a URI were used. *) Bugfix: in handling "Host" and ":authority" header lines with equal values when using HTTP/2; the bug had appeared in 1.17.9. *) Bugfix: in handling "Host" header lines with a port when using HTTP/3. *) Bugfix: an XCLIENT command didn't use the xtext encoding. Thanks to Igor Morgenstern of Aisle Research. *) Bugfix: in SSL certificate caching during reconfiguration. *) Bugfix: in delta-seconds processing in the "Cache-Control" backend response header line. *) Change: the native nginx/Windows binary release is now ...

Topics%20covered

Topics Covered

security advisory fedora critical authentication memory disclosure nginx-mod-headers-more

Change Log

* Fri Dec 26 2025 Felix Kaechele - 0.39-4 - Rebuild for 1.28.1

References

Fedora Update Notification FEDORA-2025-8aa169ea14 2026-01-03 00:41:36.670931+00:00 Name : nginx-mod-headers-more Product : Fedora 43 Version : 0.39 Release : 4.fc43 URL : https://github.com/openresty/headers-more-nginx-module Summary : This module allows adding, setting, or clearing specified input/output headers Description : This module allows adding, setting, or clearing specified input/output headers. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8aa169ea14' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nginx-mod-headers-more
Product: Fedora 43
Version: 0.39
Release: 4.fc43
URL: https://github.com/openresty/headers-more-nginx-module
Summary: This module allows adding, setting, or clearing specified input/output headers

Topics%20covered

Topics Covered

security advisory fedora critical authentication memory disclosure nginx-mod-headers-more

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here