drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in nginx (Aktualisierung)
| Name: |
Mangelnde Rechteprüfung in nginx (Aktualisierung) |
|
| ID: |
USN-7285-2 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 24.04 LTS |
|
| Datum: |
Mi, 2. April 2025, 11:19 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2025-23419 |
|
| Applikationen: |
nginx |
|
| Update von: |
Mangelnde Rechteprüfung in nginx |
|
Originalnachricht |
--===============7063872637393338403==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="x+6KMIRAuhnl3hBn"
Content-Disposition: inline
--x+6KMIRAuhnl3hBn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-7285-2
April 01, 2025
nginx vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
nginx could be made to bypass client certificate authentication
requirements.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
USN-7285-1 fixed vulnerabilities in nginx.
This update provides the corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
It was discovered that nginx incorrectly handled when multiple
server blocks are configured to share the same IP address and port.
An attacker could use this issue to use session resumption to bypass
client certificate authentication requirements on these servers.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
nginx 1.24.0-2ubuntu7.3
nginx-common 1.24.0-2ubuntu7.3
nginx-core 1.24.0-2ubuntu7.3
nginx-extras 1.24.0-2ubuntu7.3
nginx-full 1.24.0-2ubuntu7.3
nginx-light 1.24.0-2ubuntu7.3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7285-2
https://ubuntu.com/security/notices/USN-7285-1
CVE-2025-23419
Package Information:
https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.3
--x+6KMIRAuhnl3hBn
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmfsAo4ACgkQRbznW4QL
H2mrSw/9EBvvrPXFZZ51ZsAzhL9ihCFCXzEvMV7ndeN78UX9E+TbdezmclGTLupO
B6Kpm+9Eqn6naJJYerCgfiRpAm0KfqrO/2Oi7kW9bHMyKfpbpZxb0khg5r2mAdw3
IVRrKF7dVq0VrnNW38rhSIPAZ4LX6tDJjy6aoiu3CdJzImCQDOp3obKHWwS0GtWS
Bn0ysymBMkoXnmNvpcH2hzjKkH4RcdTPOWxAjiwiZsdRNTrVkjV24oSbPp7iwzjS
vTpmB4GxZfYJthVny31wijkBytDaOR1t8N51bTEWm5rZPLcvxSAXHkBqpMeQ3926
Tr2F3kyGJtKkUGbootDC3waDw9XCuUk3dvTMA3pfQwRrFsEk3K8XeZ6gDBZayk3l
zlAhmE0S5wIZUx4wbuPbExwytKJmcMTljXUY/5rMTpCjhcQLVyNmbMjMuSEIfbtN
5HZ2oOgLloFmWIOjn+SzjfSPPAFPnveUdaiCirzzDIMFyBm9xfK30DAKS43ECJX0
If2+i1hYyC+ZXGNI0VOz4HUudBzUQA2BbFU6nYbxdJ1GubnqcCuYalc36Ci4wvmd
O0Vh0akesLrK0n8JIag49oqb4PPiSMg9JiHCnFSOgM7jUTe+w0o9wVgIMRFlzBi7
8ObvyX+FxatxGBsrKlUg23dNbYeULX+pfhdCIAuMTgzGgiEOzQI=
=gw37
-----END PGP SIGNATURE-----
--x+6KMIRAuhnl3hBn--
--===============7063872637393338403==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--===============7063872637393338403==--
|
|
|
|
