摘要:
nginx security update
安全等级: Low
公告ID: KylinSec-SA-2025-2834
发布日期: 2025年9月20日
关联CVE: CVE-2025-53859
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.
Security Fix(es):
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.(CVE-2025-53859)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-53859 | KY3.5.3 | nginx | Fixed |
| CVE-2025-53859 | KY3.5.2 | nginx | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| nginx-all-modules | noarch | 1.21.5-10.ky3_5.kb1 |
| nginx-filesystem | noarch | 1.21.5-10.ky3_5.kb1 |
| nginx-help | noarch | 1.21.5-10.ky3_5.kb1 |
| nginx | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-devel | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-image-filter | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-perl | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-xslt-filter | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-mail | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-stream | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-devel | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-image-filter | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-perl | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-xslt-filter | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-mail | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-stream | aarch64 | 1.21.5-10.ky3_5.kb1 |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| nginx-all-modules | noarch | 1.21.5-10.ky3_5.kb1 |
| nginx-filesystem | noarch | 1.21.5-10.ky3_5.kb1 |
| nginx-help | noarch | 1.21.5-10.ky3_5.kb1 |
| nginx | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-devel | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-image-filter | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-perl | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-xslt-filter | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-mail | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-stream | x86_64 | 1.21.5-10.ky3_5.kb1 |
| nginx | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-devel | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-image-filter | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-perl | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-http-xslt-filter | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-mail | aarch64 | 1.21.5-10.ky3_5.kb1 |
| nginx-mod-stream | aarch64 | 1.21.5-10.ky3_5.kb1 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
