USN-8375-1: nginx vulnerabilities

USN-8375-1: nginx vulnerabilities

https://ubuntu.com/security/notices/rss.xml / Wed, 06/03/2026 - 17:27
It was discovered that the nginx ngx_mail_smtp_module module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. (CVE-2025-53859) It was discovered that nginx incorrectly handled proxying to upstream TLS servers. An attacker could possibly use this issue to insert plain text data into the response from an upstream proxied server. (CVE-2026-1642) It was discovered that the nginx ngx_mail_auth_http_module module incorrectly handled certain requests. An attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. (CVE-2026-27651) It was discovered that the nginx ngx_http_dav_module module incorrectly handled certain destination URIs. An attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify source or destination names outside of the document root. (CVE-2026-27654) It was discovered that the nginx ngx_http_mp4_module module incorrectly handled certain MP4 files. An attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-27784, CVE-2026-32647) It was discovered that the nginx ngx_mail_smtp_module module incorrectly handled certain CRLF sequences. An attacker could possibly use this issue to inject arbitrary SMTP headers. (CVE-2026-28753) It was discovered that nginx contained a use-after-free vulnerability in the ngx_http_ssl_module module when client certificate verification and OCSP validation were enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly modify data in memory. (CVE-2026-40701) It was discovered that nginx did not properly handle certain proxied responses in the ngx_http_charset_module module. A remote attacker could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42934) It was discovered that the nginx ngx_http_rewrite_module component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-42945) It was discovered that nginx did not properly process certain SCGI and uWSGI responses. An attacker able to perform a machine-in-the-middle attack could possibly use this issue to obtain sensitive information or cause nginx to crash, resulting in a denial of service. (CVE-2026-42946) It was discovered that nginx incorrectly handled certain rewrite rules in the ngx_http_rewrite_module module. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-9256)

About

Kenya Education Network CERT(KENET-CERT) is a Cybersecurity Emergency Response Team and Co-ordination Center operated by the National Research and Education Network of Kenya. KENET-CERT coordination center promotes awareness on cybersecurity incidences as well as coordinates and assists member institutions in responding effectively to cyber security threats and incidences. KENET-CERT works closely with Kenya's National CIRT coordination center (CIRT/CC) as a sector CIRT for the academic institutions. KENET promotes use of ICT in Teaching, Learning and Research in Higher Education Institutions in Kenya. KENET aims to interconnect all the Universities, Tertiary and Research Institutions in Kenya by setting up a cost effective and sustainable private network with high speed access to the global Internet. KENET also facilitates electronic communication among students and faculties in member institutions, share learning and teaching resources by collaboration in Research and Development of Educational content.