OESA-2025-2089

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2089
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-2089.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-2089
Upstream
Published
2025-08-29T11:18:17Z
Modified
2025-08-29T15:34:10.176347Z
Summary
nginx security update
Details

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.

Security Fix(es):

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngxmailsmtpmodule, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.(CVE-2025-53859)

Database specific 
{
    "severity": "Low"
}
References

Affected packages

openEuler:24.03-LTS-SP2 / nginx

Package

Name
nginx
Purl
pkg:rpm/openEuler/nginx&distro=openEuler-24.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.0-6.oe2403sp2

Ecosystem specific 

{
    "src": [
        "nginx-1.24.0-6.oe2403sp2.src.rpm"
    ],
    "noarch": [
        "nginx-all-modules-1.24.0-6.oe2403sp2.noarch.rpm",
        "nginx-filesystem-1.24.0-6.oe2403sp2.noarch.rpm",
        "nginx-help-1.24.0-6.oe2403sp2.noarch.rpm"
    ],
    "aarch64": [
        "nginx-1.24.0-6.oe2403sp2.aarch64.rpm",
        "nginx-debuginfo-1.24.0-6.oe2403sp2.aarch64.rpm",
        "nginx-debugsource-1.24.0-6.oe2403sp2.aarch64.rpm",
        "nginx-mod-devel-1.24.0-6.oe2403sp2.aarch64.rpm",
        "nginx-mod-http-image-filter-1.24.0-6.oe2403sp2.aarch64.rpm",
        "nginx-mod-http-perl-1.24.0-6.oe2403sp2.aarch64.rpm",
        "nginx-mod-http-xslt-filter-1.24.0-6.oe2403sp2.aarch64.rpm",
        "nginx-mod-mail-1.24.0-6.oe2403sp2.aarch64.rpm",
        "nginx-mod-stream-1.24.0-6.oe2403sp2.aarch64.rpm"
    ],
    "x86_64": [
        "nginx-1.24.0-6.oe2403sp2.x86_64.rpm",
        "nginx-debuginfo-1.24.0-6.oe2403sp2.x86_64.rpm",
        "nginx-debugsource-1.24.0-6.oe2403sp2.x86_64.rpm",
        "nginx-mod-devel-1.24.0-6.oe2403sp2.x86_64.rpm",
        "nginx-mod-http-image-filter-1.24.0-6.oe2403sp2.x86_64.rpm",
        "nginx-mod-http-perl-1.24.0-6.oe2403sp2.x86_64.rpm",
        "nginx-mod-http-xslt-filter-1.24.0-6.oe2403sp2.x86_64.rpm",
        "nginx-mod-mail-1.24.0-6.oe2403sp2.x86_64.rpm",
        "nginx-mod-stream-1.24.0-6.oe2403sp2.x86_64.rpm"
    ]
}