Overview

File _patchinfo of Package patchinfo.40421

<patchinfo incident="40421">
  <issue tracker="cve" id="2025-53859"/>
  <issue tracker="cve" id="2025-23419"/>
  <issue tracker="bnc" id="1236851">VUL-0: CVE-2025-23419: nginx: client certificate authentication bypass with TLSv1.3 and session resumption</issue>
  <issue tracker="bnc" id="1248070">VUL-0: CVE-2025-53859: nginx: arbitrary data leak during the NGINX SMTP authentication process</issue>
  <packager>fschnizlein</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for nginx</summary>
  <description>This update for nginx fixes the following issues:

- CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070).
- CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places