Ubuntu alert USN-7285-2 (nginx)
| From: | "Leonidas S. Barbosa" <leo.barbosa@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7285-2] nginx vulnerability | |
| Date: | Tue, 01 Apr 2025 12:13:21 -0300 | |
| Message-ID: | <20250401151321.GA1014237@d4rkl41n> |
========================================================================== Ubuntu Security Notice USN-7285-2 April 01, 2025 nginx vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: nginx could be made to bypass client certificate authentication requirements. Software Description: - nginx: small, powerful, scalable web/proxy server Details: USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this issue to use session resumption to bypass client certificate authentication requirements on these servers. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS nginx 1.24.0-2ubuntu7.3 nginx-common 1.24.0-2ubuntu7.3 nginx-core 1.24.0-2ubuntu7.3 nginx-extras 1.24.0-2ubuntu7.3 nginx-full 1.24.0-2ubuntu7.3 nginx-light 1.24.0-2ubuntu7.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7285-2 https://ubuntu.com/security/notices/USN-7285-1 CVE-2025-23419 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.3
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmfsAo4ACgkQRbznW4QL H2mrSw/9EBvvrPXFZZ51ZsAzhL9ihCFCXzEvMV7ndeN78UX9E+TbdezmclGTLupO B6Kpm+9Eqn6naJJYerCgfiRpAm0KfqrO/2Oi7kW9bHMyKfpbpZxb0khg5r2mAdw3 IVRrKF7dVq0VrnNW38rhSIPAZ4LX6tDJjy6aoiu3CdJzImCQDOp3obKHWwS0GtWS Bn0ysymBMkoXnmNvpcH2hzjKkH4RcdTPOWxAjiwiZsdRNTrVkjV24oSbPp7iwzjS vTpmB4GxZfYJthVny31wijkBytDaOR1t8N51bTEWm5rZPLcvxSAXHkBqpMeQ3926 Tr2F3kyGJtKkUGbootDC3waDw9XCuUk3dvTMA3pfQwRrFsEk3K8XeZ6gDBZayk3l zlAhmE0S5wIZUx4wbuPbExwytKJmcMTljXUY/5rMTpCjhcQLVyNmbMjMuSEIfbtN 5HZ2oOgLloFmWIOjn+SzjfSPPAFPnveUdaiCirzzDIMFyBm9xfK30DAKS43ECJX0 If2+i1hYyC+ZXGNI0VOz4HUudBzUQA2BbFU6nYbxdJ1GubnqcCuYalc36Ci4wvmd O0Vh0akesLrK0n8JIag49oqb4PPiSMg9JiHCnFSOgM7jUTe+w0o9wVgIMRFlzBi7 8ObvyX+FxatxGBsrKlUg23dNbYeULX+pfhdCIAuMTgzGgiEOzQI= =gw37 -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)