OESA-2025-2136

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2136
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-2136.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2025-2136
Upstream
Published
2025-09-05T12:42:25Z
Modified
2025-09-05T13:18:05.565359Z
Summary
nginx security update
Details

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.

Security Fix(es):

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngxmailsmtpmodule, (2) the smtp_auth directive is configured with method 'none,' and (3) the authentication server returns the 'Auth-Wait' response header.(CVE-2025-53859)

Database specific 
{
    "severity": "Low"
}
References

Affected packages

openEuler:24.03-LTS-SP1 / nginx

Package

Name
nginx
Purl
pkg:rpm/openEuler/nginx&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.0-6.oe2403sp1

Ecosystem specific 

{
    "x86_64": [
        "nginx-1.24.0-6.oe2403sp1.x86_64.rpm",
        "nginx-debuginfo-1.24.0-6.oe2403sp1.x86_64.rpm",
        "nginx-debugsource-1.24.0-6.oe2403sp1.x86_64.rpm",
        "nginx-mod-devel-1.24.0-6.oe2403sp1.x86_64.rpm",
        "nginx-mod-http-image-filter-1.24.0-6.oe2403sp1.x86_64.rpm",
        "nginx-mod-http-perl-1.24.0-6.oe2403sp1.x86_64.rpm",
        "nginx-mod-http-xslt-filter-1.24.0-6.oe2403sp1.x86_64.rpm",
        "nginx-mod-mail-1.24.0-6.oe2403sp1.x86_64.rpm",
        "nginx-mod-stream-1.24.0-6.oe2403sp1.x86_64.rpm"
    ],
    "noarch": [
        "nginx-all-modules-1.24.0-6.oe2403sp1.noarch.rpm",
        "nginx-filesystem-1.24.0-6.oe2403sp1.noarch.rpm",
        "nginx-help-1.24.0-6.oe2403sp1.noarch.rpm"
    ],
    "src": [
        "nginx-1.24.0-6.oe2403sp1.src.rpm"
    ],
    "aarch64": [
        "nginx-1.24.0-6.oe2403sp1.aarch64.rpm",
        "nginx-debuginfo-1.24.0-6.oe2403sp1.aarch64.rpm",
        "nginx-debugsource-1.24.0-6.oe2403sp1.aarch64.rpm",
        "nginx-mod-devel-1.24.0-6.oe2403sp1.aarch64.rpm",
        "nginx-mod-http-image-filter-1.24.0-6.oe2403sp1.aarch64.rpm",
        "nginx-mod-http-perl-1.24.0-6.oe2403sp1.aarch64.rpm",
        "nginx-mod-http-xslt-filter-1.24.0-6.oe2403sp1.aarch64.rpm",
        "nginx-mod-mail-1.24.0-6.oe2403sp1.aarch64.rpm",
        "nginx-mod-stream-1.24.0-6.oe2403sp1.aarch64.rpm"
    ]
}