Advisories » MGASA-2025-0245

Updated nginx package fixes security vulnerability

Publication date: 22 Oct 2025
Modification date: 22 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53859

Description

It was discovered that nginx contains a security issue in the
ngx_mail_smtp_module which might allow an attacker to cause buffer
over-read potentially resulting in sensitive information leak in a HTTP
request to the authentication server (CVE-2025-53859).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34585
• https://www.openwall.com/lists/oss-security/2025/08/13/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53859

SRPMS

9/core

• nginx-1.26.3-1.1.mga9