Bug 33994 - nginx new security issue CVE-2025-23419
Summary: nginx new security issue CVE-2025-23419
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-02-07 10:31 CET by Nicolas Salguero
Modified: 2025-02-12 07:38 CET

See Also:
Source RPM: nginx-1.26.2-1.mga9.src.rpm
CVE: CVE-2025-23419
Status comment:


Description Nicolas Salguero 2025-02-07 10:31:23 CET
CVE-2025-23419 was announced here:
https://www.openwall.com/lists/oss-security/2025/02/05/8

Fix: https://github.com/nginx/nginx/commit/13935cf9fdc3c8d8278c70716417d3b71c36140e (release-1.26.3)

Nicolas Salguero 2025-02-07 10:32:21 CET

Source RPM: (none) => nginx-1.26.2-3.mga10.src.rpm, nginx-1.26.2-1.mga9.src.rpm
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2025-23419
Status comment: (none) => Fixed upstream in 1.26.3 and patches available from upstream

Comment 1 Lewis Smith 2025-02-09 20:02:14 CET
Stig is the normal committer for this, but other packagers touch it as well.
So assigning globally, CC'ing Stig; if you can do it, Stig - please do.

CC: (none) => smelror
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2025-02-11 09:06:27 CET
Suggested advisory:
========================

The updated package fixes a security vulnerability:

TLS Session Resumption Vulnerability. (CVE-2025-23419)

References:
https://www.openwall.com/lists/oss-security/2025/02/05/8
========================

Updated package in core/updates_testing:
========================
nginx-1.26.3-1.mga9

from SRPM:
nginx-1.26.3-1.mga9.src.rpm

Source RPM: nginx-1.26.2-3.mga10.src.rpm, nginx-1.26.2-1.mga9.src.rpm => nginx-1.26.2-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Status comment: Fixed upstream in 1.26.3 and patches available from upstream => (none)

Comment 3 Herman Viaene 2025-02-11 16:51:43 CET
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues
Ref bug 33509, Test page shows OK.
Welcome to nginx 1.26.3 on Mageia!
OK.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

katnatek 2025-02-11 18:40:24 CET

Keywords: (none) => advisory

Comment 4 Thomas Andrews 2025-02-11 20:58:56 CET
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 5 Mageia Robot 2025-02-12 07:38:32 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0051.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
