SUSE-CU-2025:7342-1: Security update of suse/nginx
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Oct 15 07:16:37 UTC 2025
SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7342-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-63.6 , suse/nginx:latest
Container Release : 63.6
Severity : important
Type : security
References : 1236851 1248070 1249584 CVE-2025-23419 CVE-2025-53859 CVE-2025-59375
-----------------------------------------------------------------
The container suse/nginx was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3444-1
Released: Wed Oct 1 14:42:58 2025
Summary: Security update for nginx
Type: security
Severity: moderate
References: 1236851,1248070,CVE-2025-23419,CVE-2025-53859
This update for nginx fixes the following issues:
- CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070).
- CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3508-1
Released: Thu Oct 9 10:32:56 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1249584,CVE-2025-59375
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
The following package changes have been done:
- libexpat1-2.7.1-150700.3.6.1 updated
- nginx-1.21.5-150600.10.12.1 updated
- container:registry.suse.com-bci-bci-base-15.7-5b0ddc1b793392d929e479d905c39f68b1dbff898fbc8834c86033bcc2277d34-0 updated
More information about the sle-container-updates
mailing list