{"id":"USN-7285-2","summary":"nginx vulnerability","details":"USN-7285-1 fixed vulnerabilities in nginx.\nThis update provides the corresponding updates for Ubuntu 24.04 LTS.\n\nOriginal advisory details:\n\n It was discovered that nginx incorrectly handled when multiple\n server blocks are configured to share the same IP address and port.\n An attacker could use this issue to use session resumption to bypass\n client certificate authentication requirements on these servers.\n","modified":"2026-02-10T04:47:15Z","published":"2025-04-01T08:28:19Z","upstream":["CVE-2025-23419","UBUNTU-CVE-2025-23419"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7285-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-23419"}],"affected":[{"package":{"name":"nginx","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/nginx@1.24.0-2ubuntu7.3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.24.0-2ubuntu7.3"}]}],"versions":["1.24.0-1ubuntu1","1.24.0-2ubuntu1","1.24.0-2ubuntu2","1.24.0-2ubuntu3","1.24.0-2ubuntu4","1.24.0-2ubuntu6","1.24.0-2ubuntu7","1.24.0-2ubuntu7.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libnginx-mod-http-geoip","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"libnginx-mod-http-image-filter","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"libnginx-mod-http-perl","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"libnginx-mod-http-xslt-filter","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"libnginx-mod-mail","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"libnginx-mod-stream","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"libnginx-mod-stream-geoip","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"nginx","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"nginx-common","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"nginx-core","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"nginx-dev","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"nginx-extras","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"nginx-full","binary_version":"1.24.0-2ubuntu7.3"},{"binary_name":"nginx-light","binary_version":"1.24.0-2ubuntu7.3"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7285-2.json","cves_map":{"cves":[{"id":"CVE-2025-23419","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:24.04:LTS"}}}],"schema_version":"1.7.3"}