CVE-2025-23419 vulnerability in nginx
Bug #2105509 reported by
imm6
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nginx (Ubuntu) |
In Progress
|
Undecided
|
Leonidas S. Barbosa |
Bug Description
nginx announced the CVE-2025-23419 vulnerability on February 5, 2025:
https:/
The problem affects nginx 1.11.4 and newer built with OpenSSL if the
TLSv1.3 protocol and session resumption are enabled either with
ssl_session_cache or ssl_session_
The problem is fixed in 1.26.3 and 1.27.4.
At https:/
24.04's current version of nginx is 1.24.0-2ubuntu7.1 which has this vulnerability.
PCI tests are failing due to this vulnerability not yet being addressed in Ubuntu LTS.
information type: | Private Security → Public Security |
Changed in nginx (Ubuntu): | |
assignee: | nobody → Leonidas S. Barbosa (leosilvab) |
status: | New → In Progress |
To post a comment you must log in.