==========================================================================
Ubuntu Security Notice USN-7285-1
February 24, 2025
nginx vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that nginx incorrectly handled when multiple
server blocks are configured to share the same IP address and port.
An attacker could use this issue to use session resumption to bypass
client certificate authentication requirements on these servers.
This issue only affected Ubuntu 24.10.
A buffer overflow and a null pointer deref was fixed in nginx rtmp module
(#LP 1977718). This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
nginx 1.26.0-2ubuntu3.2
nginx-common 1.26.0-2ubuntu3.2
nginx-core 1.26.0-2ubuntu3.2
nginx-dev 1.26.0-2ubuntu3.2
nginx-doc 1.26.0-2ubuntu3.2
nginx-extras 1.26.0-2ubuntu3.2
nginx-full 1.26.0-2ubuntu3.2
nginx-light 1.26.0-2ubuntu3.2
Ubuntu 22.04 LTS
libnginx-mod-rtmp 1.18.0-6ubuntu14.6
nginx 1.18.0-6ubuntu14.6
nginx-common 1.18.0-6ubuntu14.6
nginx-core 1.18.0-6ubuntu14.6
nginx-doc 1.18.0-6ubuntu14.6
nginx-extras 1.18.0-6ubuntu14.6
nginx-full 1.18.0-6ubuntu14.6
nginx-light 1.18.0-6ubuntu14.6
Ubuntu 20.04 LTS
libnginx-mod-rtmp 1.18.0-0ubuntu1.7
nginx 1.18.0-0ubuntu1.7
nginx-common 1.18.0-0ubuntu1.7
nginx-core 1.18.0-0ubuntu1.7
nginx-doc 1.18.0-0ubuntu1.7
nginx-extras 1.18.0-0ubuntu1.7
nginx-full 1.18.0-0ubuntu1.7
nginx-light 1.18.0-0ubuntu1.7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7285-1
CVE-2025-23419, https://launchpad.net/bugs/1977718
Package Information:
https://launchpad.net/ubuntu/+source/nginx/1.26.0-2ubuntu3.2
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.6
https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.7
No comments:
Post a Comment