Awaiting Analysis: kusanagi-nginx126 security update

Security Advisory

Synopsis

Issued 2025-02-12
Severity Awaiting Analysis
Updated Packages kusanagi-nginx126
Affected Products KUSANAGI 9

Description

An update for kusanagi-nginx126 is now available.

Security fix(es):

  • Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419).

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE information may not yet be available on those websites.

References

Updated packages listed below

This product uses the NVD API but is not endorsed or certified by the NVD.

KUSANAGI 9 Module Update

Awaiting Analysis: kusanagi-nginx127 security update

KUSANAGI Open Source Licenses | KUSANAGI Business Edition, Premium Edition, Security Edition End-User License Agreement

KUSANAGI Logo and Mascots | Privacy Policy | Vulnerability Disclosure Policy | Contact US

© 2015 - 2025 Prime Strategy Co., Ltd. All rights reserved