Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: Critical Memory Disclosure in nginx-mod-vts CVE-2025-53859

fedora
Calendar Grey January 4, 2026
Dist Fedora Esm H88
Security advisory for Fedora 42 addressing nginx-mod-vts vulnerabilities including significant memory disclosure risks.
Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might ...

Summary

Nginx virtual host traffic status module.

Update Information:

Changes with nginx 1.28.1 23 Dec 2025 *) Security: processing of a specially crafted login/password when using the "none" authentication method in the ngx_mail_smtp_module might cause worker process memory disclosure to the authentication server (CVE-2025-53859). *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive and "proxy_pass" with a URI were used. *) Bugfix: in handling "Host" and ":authority" header lines with equal values when using HTTP/2; the bug had appeared in 1.17.9. *) Bugfix: in handling "Host" header lines with a port when using HTTP/3. *) Bugfix: an XCLIENT command didn't use the xtext encoding. Thanks to Igor Morgenstern of Aisle Research. *) Bugfix: in SSL certificate caching during reconfiguration. *) Bugfix: in delta-seconds processing in the "Cache-Control" backend response header line. *) Change: the native nginx/Windows binary release is now ...

Topics%20covered

Topics Covered

security advisory fedora important authentication issue memory disclosure nginx-mod-vts

Change Log

* Fri Dec 26 2025 Felix Kaechele - 0.2.4-4 - Rebuild for 1.28.1 * Thu Jul 24 2025 Fedora Release Engineering - 0.2.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References

Fedora Update Notification FEDORA-2025-8caa129b2e 2026-01-04 01:00:12.006176+00:00 Name : nginx-mod-vts Product : Fedora 42 Version : 0.2.4 Release : 4.fc42 URL : https://github.com/vozlt/nginx-module-vts Summary : Nginx virtual host traffic status module Description : Nginx virtual host traffic status module.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8caa129b2e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: nginx-mod-vts
Product: Fedora 42
Version: 0.2.4
Release: 4.fc42
URL: https://github.com/vozlt/nginx-module-vts
Summary: Nginx virtual host traffic status module

Topics%20covered

Topics Covered

security advisory fedora important authentication issue memory disclosure nginx-mod-vts

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here