stable

nginx-1.26.3-1.fc40, nginx-mod-fancyindex-0.5.2-8.fc40, & 3 more

FEDORA-2025-016ed44ddc created by heffer a month ago for Fedora 40

Changes with nginx 1.26.3 05 Feb 2025

*) Security: insufficient check in virtual servers handling with TLSv1.3
   SNI allowed to reuse SSL sessions in a different virtual server, to
   bypass client SSL certificates verification (CVE-2025-23419).

*) Bugfix: in the ngx_http_mp4_module.
   Thanks to Nils Bars.

*) Workaround: "gzip filter failed to use preallocated memory" alerts
   appeared in logs when using zlib-ng.

*) Bugfix: nginx could not build libatomic library using the library
   sources if the --with-libatomic=DIR option was used.

*) Bugfix: nginx now ignores QUIC version negotiation packets from
   clients.

*) Bugfix: nginx could not be built on Solaris 10 and earlier with the
   ngx_http_v3_module.

*) Bugfixes in HTTP/3.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-016ed44ddc

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

This update has been submitted for testing by bodhi.

a month ago

This update has been pushed to testing.

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
a month ago
in testing
a month ago
in stable
a month ago
approved
a month ago
BZ#2277663 please switch to using systemd-sysusers to create the nginx user
0
0
BZ#2344197 CVE-2025-23419 nginx: TLS Session Resumption Vulnerability [fedora-40]
0
0

Automated Test Results