Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ng...@packages.debian.org
Control: affects -1 + src:nginx
This is a backport of the CVE-2025-23419 fix from the latest NGINX version 1.26.3, which was uploaded to unstable.

CVE-2025-23419 description origin: https://www.openwall.com/lists/oss-security/2025/02/05/8

[ Reason ]
The problem affects nginx 1.11.4 and newer built with OpenSSL if the TLSv1.3 protocol and session resumption are enabled either with ssl_session_cache or ssl_session_tickets.

[ Impact ]
A problem with SSL session resumption in nginx was identified. It was possible to reuse SSL sessions in name-based virtual hosts in unrelated contexts, allowing a bypass of client certificate authentication in some configurations (CVE-2025-23419).

[ Tests ]
Nginx with the CVE-2025-23419 patch passed all automated tests that are in the package. And I tested that the patch does not break NGINX functionality for the sample config example from https://github.com/nginx/nginx/commit/b720f650bb72118481884657fb6a9bcb1b0f3b11:

~~~
server {
    listen 433 ssl default;
    return 404;
}

server {
    listen 433 ssl;
    server_name example.org;
    ssl_client_certificate org.cert;
    ssl_verify_client on;
}

server {
    listen 433 ssl;
    server_name example.com;
    ssl_client_certificate com.cert;
    ssl_verify_client on;
}
~~~

[ Risks ]
CVE-2025-23419 is marked with score 'CVSS v4.0 Score: 5.3 / Medium' and can be easily mitigated by configuration. Therefore fixing it in proposed-updates is adequate.

[ Notes ]
The patch in unstable had 2 parts. One fixed the problem in the `http/ngx_http_request` module and the second fixed the problem in the `stream/ngx_stream_ssl_module` module. For bookworm/bullseye the fix for `stream/ngx_stream_ssl_module` can't be applied because the 'stream virtual servers' functionality was added later, in this commit: https://github.com/nginx/nginx/commit/d21675228a0ba8d4331e05c60660228a5d3326de. Therefore only the `http/ngx_http_request` part was backported from unstable.
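As an added illustration of the configuration mitigation mentioned under [ Risks ] (this is an added example, not part of this bug report or of the nginx project's files): the three virtual hosts from the [ Tests ] sample, with TLS session resumption switched off in every server on the shared listen socket so that neither precondition listed in [ Reason ] (ssl_session_cache or ssl_session_tickets enabled) holds. The certificate and key paths, and port 443 in place of the sample's 433, are assumptions of this example.

```nginx
# Added example (not from the bug report): the [ Tests ] layout with
# session resumption disabled on every server of the listen socket.
# Without a resumable session there is nothing to resume under a
# different SNI name, which is the precondition described in [ Reason ].
# Resumption is applied to all servers because OpenSSL handles it in the
# default SSL context before the SNI callback picks a virtual host.

server {
    listen 443 ssl default_server;        # sample uses "433 ssl default"
    ssl_certificate     /etc/nginx/ssl/PLACEHOLDER-default.crt;  # assumed path
    ssl_certificate_key /etc/nginx/ssl/PLACEHOLDER-default.key;  # assumed path

    ssl_session_cache   off;   # nginx tells clients sessions may not be reused
    ssl_session_tickets off;   # no TLSv1.3 NewSessionTicket issuance

    return 404;
}

server {
    listen 443 ssl;
    server_name example.org;
    ssl_certificate     /etc/nginx/ssl/PLACEHOLDER-org.crt;      # assumed path
    ssl_certificate_key /etc/nginx/ssl/PLACEHOLDER-org.key;      # assumed path

    ssl_session_cache   off;
    ssl_session_tickets off;

    ssl_client_certificate org.cert;      # as in the [ Tests ] sample
    ssl_verify_client on;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/nginx/ssl/PLACEHOLDER-com.crt;      # assumed path
    ssl_certificate_key /etc/nginx/ssl/PLACEHOLDER-com.key;      # assumed path

    ssl_session_cache   off;
    ssl_session_tickets off;

    ssl_client_certificate com.cert;      # as in the [ Tests ] sample
    ssl_verify_client on;
}
```

The trade-off is a full TLS handshake on every connection. Restricting `ssl_protocols` to TLSv1.2 removes the other precondition from [ Reason ] instead, but is the larger change for clients. Either workaround only covers hosts that cannot yet install the patched package, which remains the proper remedy.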
The fix is identical for the bullseye release, which was independently prepared by Andrej Shadura here: https://salsa.debian.org/lts-team/packages/nginx/-/commit/69bacbb70605c40a2f6fbef74eb7c0f248c1c650

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable

[ Changes ]
Added d/p/CVE-2025-23419.patch, backported from unstable and listed below in the debdiff.

diff -Nru nginx-1.22.1/debian/changelog nginx-1.22.1/debian/changelog --- nginx-1.22.1/debian/changelog 2023-03-14 16:19:32.000000000 +0100 +++ nginx-1.22.1/debian/changelog 2025-02-17 20:40:29.000000000 +0100 @@ -1,3 +1,9 @@ +nginx (1.22.1-9+deb12u1) bookworm; urgency=medium + + * d/p/CVE-2025-23419.patch add, backport CVE-2025-23419 fix. + + -- Jan Mojžíš <janmoj...@debian.org> Mon, 17 Feb 2025 20:40:29 +0100 + nginx (1.22.1-9) unstable; urgency=medium * d/control: nginx-common Breaks+Replaces: nginx (<< 1.22.1-8) diff -Nru nginx-1.22.1/debian/patches/CVE-2025-23419.patch nginx-1.22.1/debian/patches/CVE-2025-23419.patch --- nginx-1.22.1/debian/patches/CVE-2025-23419.patch 1970-01-01 01:00:00.000000000 +0100 +++ nginx-1.22.1/debian/patches/CVE-2025-23419.patch 2025-02-17 20:40:29.000000000 +0100 
@@ -0,0 +1,70 @@ +From: =?utf-8?b?SmFuIE1vasW+w63FoQ==?= <jan.moj...@gmail.com> +Date: Mon, 17 Feb 2025 20:39:22 +0100 +Subject: CVE-2025-23419 +Origin: https://github.com/nginx/nginx/commit/13935cf9fdc3c8d8278c70716417d3b71c36140e + +SNI: added restriction for TLSv1.3 cross-SNI session resumption. +In OpenSSL, session resumption always happens in the default SSL context, +prior to invoking the SNI callback. Further, unlike in TLSv1.2 and older +protocols, SSL_get_servername() returns values received in the resumption +handshake, which may be different from the value in the initial handshake. +Notably, this makes the restriction added in b720f65 insufficient for +sessions resumed with different SNI server name. + +Considering the example from b720f65, previously, a client was able to +request example.org by presenting a certificate for example.org, then to +resume and request example.com. + +The fix is to reject handshakes resumed with a different server name, if +verification of client certificates is enabled in a corresponding server +configuration. 
+ +--- + src/http/ngx_http_request.c | 27 +++++++++++++++++++++++++-- + 1 file changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c +index a999ff5..4708719 100644 +--- a/src/http/ngx_http_request.c ++++ b/src/http/ngx_http_request.c +@@ -909,6 +909,31 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) + goto done; + } + ++ sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module); ++ ++#if (defined TLS1_3_VERSION \ ++ && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL) ++ ++ /* ++ * SSL_SESSION_get0_hostname() is only available in OpenSSL 1.1.1+, ++ * but servername being negotiated in every TLSv1.3 handshake ++ * is only returned in OpenSSL 1.1.1+ as well ++ */ ++ ++ if (sscf->verify) { ++ const char *hostname; ++ ++ hostname = SSL_SESSION_get0_hostname(SSL_get0_session(ssl_conn)); ++ ++ if (hostname != NULL && ngx_strcmp(hostname, servername) != 0) { ++ c->ssl->handshake_rejected = 1; ++ *ad = SSL_AD_ACCESS_DENIED; ++ return SSL_TLSEXT_ERR_ALERT_FATAL; ++ } ++ } ++ ++#endif ++ + hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t)); + if (hc->ssl_servername == NULL) { + goto error; +@@ -922,8 +947,6 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) + + ngx_set_connection_log(c, clcf->error_log); + +- sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); +- + c->ssl->buffer_size = sscf->buffer_size; + + if (sscf->ssl.ctx) { diff -Nru nginx-1.22.1/debian/patches/series nginx-1.22.1/debian/patches/series --- nginx-1.22.1/debian/patches/series 2023-03-14 16:19:32.000000000 +0100 +++ nginx-1.22.1/debian/patches/series 2025-02-17 20:40:29.000000000 +0100 @@ -3,3 +3,4 @@ nginx-ssl_cert_cb_yield.patch bug-1024605.patch bug-973861.patch +CVE-2025-23419.patch
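Review bot: the new patch file's first hunk reads `sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module);` before `hc->conf_ctx` is set, while its second hunk removes the later `sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);`, so the moved lookup is only equivalent if the 1.22.1 code between the two hunks assigns `hc->conf_ctx = cscf->ctx` as upstream does; the context lines shown do not include that assignment, so please confirm it (and that `sscf` is declared at function scope) against the 1.22.1 source. Two smaller points on the same hunk: the added check is guarded by `#if (defined TLS1_3_VERSION && !defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL)`, which matches the bookworm OpenSSL build but silently compiles to nothing against other libraries, worth a sentence in the patch description; and the DEP-3 header gives `From:` as the Debian uploader and `Origin:` as the bare upstream commit URL, whereas for a partial backport (the stream part was deliberately dropped, per [ Notes ]) `Origin: backport, <upstream commit URL>` plus an `Author:` line for the upstream author and a `Bug-Debian:` field would describe the provenance accurately.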
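Review bot: the changelog hunk's single entry `* d/p/CVE-2025-23419.patch add, backport CVE-2025-23419 fix.` says only that a patch was added; for a security update the entry should state in one line what it fixes (per the patch description: TLSv1.3 session resumption under a different SNI name bypassing client certificate verification) so that users reading the package changelog can tell whether their configuration is affected, and should reference the corresponding Debian bug once one is filed.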