USN-7285-1
- Source
- https://ubuntu.com/security/notices/USN-7285-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7285-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7285-1
- Upstream
- Related
- Published
- 2025-02-24T11:00:34.211538Z
- Modified
- 2025-10-13T04:40:27Z
- Summary
- nginx vulnerability
- Details
-
It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this issue to use session resumption to bypass client certificate authentication requirements on these servers. This issue only affected Ubuntu 24.10.
A buffer overflow and a null pointer deref was fixed in nginx rtmp module (#LP 1977718). This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
- References
Affected packages
Ubuntu:20.04:LTS / nginx
Package
- Name
- nginx
- Purl
- pkg:deb/ubuntu/nginx@1.18.0-0ubuntu1.7?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.18.0-0ubuntu1.7
Affected versions
1.*
1.16.1-0ubuntu2
1.16.1-0ubuntu3
1.17.5-0ubuntu1
1.17.6-0ubuntu1
1.17.7-0ubuntu1
1.17.8-0ubuntu1
1.17.8-0ubuntu2
1.17.8-0ubuntu3
1.17.9-0ubuntu1
1.17.9-0ubuntu2
1.17.9-0ubuntu3
1.17.10-0ubuntu1
1.18.0-0ubuntu1
1.18.0-0ubuntu1.2
1.18.0-0ubuntu1.3
1.18.0-0ubuntu1.4
1.18.0-0ubuntu1.5
1.18.0-0ubuntu1.6
Ecosystem specific
{
"binaries": [
{
"binary_name": "libnginx-mod-http-auth-pam",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-cache-purge",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-dav-ext",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-echo",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-fancyindex",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-geoip",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-geoip2",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-headers-more-filter",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-image-filter",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-lua",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-ndk",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-perl",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-subs-filter",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-uploadprogress",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-upstream-fair",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-http-xslt-filter",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-mail",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-nchan",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-rtmp",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "libnginx-mod-stream",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "nginx",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "nginx-common",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "nginx-core",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "nginx-extras",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "nginx-full",
"binary_version": "1.18.0-0ubuntu1.7"
},
{
"binary_name": "nginx-light",
"binary_version": "1.18.0-0ubuntu1.7"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:20.04:LTS",
"cves": [
{
"id": "CVE-2025-23419",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
Ubuntu:22.04:LTS / nginx
Package
- Name
- nginx
- Purl
- pkg:deb/ubuntu/nginx@1.18.0-6ubuntu14.6?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.18.0-6ubuntu14.6
Affected versions
1.*
1.18.0-6ubuntu11
1.18.0-6ubuntu12
1.18.0-6ubuntu14
1.18.0-6ubuntu14.1
1.18.0-6ubuntu14.2
1.18.0-6ubuntu14.3
1.18.0-6ubuntu14.4
1.18.0-6ubuntu14.5
Ecosystem specific
{
"binaries": [
{
"binary_name": "libnginx-mod-http-auth-pam",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-cache-purge",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-dav-ext",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-echo",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-fancyindex",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-geoip",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-geoip2",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-headers-more-filter",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-image-filter",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-ndk",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-perl",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-subs-filter",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-uploadprogress",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-upstream-fair",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-http-xslt-filter",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-mail",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-nchan",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-rtmp",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-stream",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-stream-geoip",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "libnginx-mod-stream-geoip2",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "nginx",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "nginx-common",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "nginx-core",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "nginx-extras",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "nginx-full",
"binary_version": "1.18.0-6ubuntu14.6"
},
{
"binary_name": "nginx-light",
"binary_version": "1.18.0-6ubuntu14.6"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2025-23419",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}