Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Attention: Fedora 42 Nginx mod-naxsi Memory Disclosure Alert CVE-2025-53859

fedora
Calendar Grey January 4, 2026
Dist Fedora Esm H88
Critical security advisory for Fedora 42: nginx-mod-naxsi memory disclosure risk due to exploit in authentication.
Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might ...

Summary

naxsi is an nginx module that provides score based Web Application Firewall

(WAF) abilities in a highly granular fashion.

Update Information:

Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might cause worker process memory disclosure to the authentication server (CVE-2025-53859). *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive and "proxy_pass" with a URI were used. *) Bugfix: in handling "Host" and ":authority" header lines with equal values when using HTTP/2; the bug had appeared in 1.17.9. *) Bugfix: in handling "Host" header lines with a port when using HTTP/3. *) Bugfix: an XCLIENT command didn't use the xtext encoding. Thanks to Igor Morgenstern of Aisle Research. *) Bugfix: in SSL certificate caching during reconfiguration. *) Bugfix: in delta-seconds processing in the "Cache-Control" backend response header line. *) Change: the native nginx/Windows binary release is now ...

Topics%20covered

Topics Covered

security advisory fedora critical authentication nginx memory disclosure

Change Log

* Fri Dec 26 2025 Felix Kaechele - 1.6-12 - Rebuild for 1.28.1 * Thu Jul 24 2025 Fedora Release Engineering - 1.6-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References

Fedora Update Notification FEDORA-2025-8caa129b2e 2026-01-04 01:00:12.006176+00:00 Name : nginx-mod-naxsi Product : Fedora 42 Version : 1.6 Release : 12.fc42 URL : https://github.com/wargio/naxsi Summary : nginx web application firewall module Description : naxsi is an nginx module that provides score based Web Application Firewall (WAF) abilities in a highly granular fashion.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8caa129b2e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nginx-mod-naxsi
Product: Fedora 42
Version: 1.6
Release: 12.fc42
URL: https://github.com/wargio/naxsi
Summary: nginx web application firewall module

Topics%20covered

Topics Covered

security advisory fedora critical authentication nginx memory disclosure

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here