*** This bug is a security vulnerability ***

Public security bug reported:

nginx announced the CVE-2025-23419 vulnerability on February 5, 2025:
https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html

The problem affects nginx 1.11.4 and newer built with OpenSSL if the TLSv1.3 protocol and session resumption are enabled either with ssl_session_cache or ssl_session_tickets. The problem is fixed in 1.26.3 and 1.27.4.

At https://ubuntu.com/security/CVE-2025-23419 it shows "Needs evaluation" for 24.04 LTS noble. 24.04's current version of nginx is 1.24.0-2ubuntu7.1, which has this vulnerability.

PCI tests are failing due to this vulnerability not yet being addressed in Ubuntu LTS.

** Affects: nginx (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

--
https://bugs.launchpad.net/bugs/2105509

Title:
  CVE-2025-23419 vulnerability in nginx
