nginx-1.29.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15449-1 Final 1 1 2025-08-15T00:00:00Z current 2025-08-15T00:00:00Z 2025-08-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z nginx-1.29.1-1.1 on GA media These are all security issues fixed in the nginx-1.29.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15449 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-53859/ SUSE CVE CVE-2025-53859 page openSUSE Tumbleweed nginx-1.29.1-1.1 nginx-source-1.29.1-1.1 nginx-1.29.1-1.1 as a component of openSUSE Tumbleweed nginx-source-1.29.1-1.1 as a component of openSUSE Tumbleweed NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. CVE-2025-53859 openSUSE Tumbleweed:nginx-1.29.1-1.1 openSUSE Tumbleweed:nginx-source-1.29.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-53859.html CVE-2025-53859 https://bugzilla.suse.com/1248070 SUSE Bug 1248070