Home / mailings [USN-7715-1] nginx vulnerability
Posted on 25 August 2025
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7715-1
August 25, 2025
nginx vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
nginx could be made to expose sensitive information over the
network.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that the nginx ngx_mail_smtp_module module incorrectly
handled certain memory operations when doing SMTP authentication. This
could possibly result in sensitive information being sent to the
authentication server.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
nginx 1.26.3-2ubuntu1.2
nginx-core 1.26.3-2ubuntu1.2
nginx-extras 1.26.3-2ubuntu1.2
nginx-full 1.26.3-2ubuntu1.2
nginx-light 1.26.3-2ubuntu1.2
Ubuntu 24.04 LTS
nginx 1.24.0-2ubuntu7.5
nginx-core 1.24.0-2ubuntu7.5
nginx-extras 1.24.0-2ubuntu7.5
nginx-full 1.24.0-2ubuntu7.5
nginx-light 1.24.0-2ubuntu7.5
Ubuntu 22.04 LTS
nginx 1.18.0-6ubuntu14.7
nginx-core 1.18.0-6ubuntu14.7
nginx-full 1.18.0-6ubuntu14.7
nginx-light 1.18.0-6ubuntu14.7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7715-1
CVE-2025-53859
Package Information:
https://launchpad.net/ubuntu/+source/nginx/1.26.3-2ubuntu1.2
https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.5
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.7
--===============2042264571113161008==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
