1 Topic by chris.23lo

  • chris.23lo
  • Member
  • Offline
  • Registered: 2022-06-30
  • Posts: 68

Topic: About nginx CVE...

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

F5 K000161019

Separately I added acl for iredadmin...is it sufficient?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,676

Re: About nginx CVE...

Please either change those unnamed captures by named captures, or wait for patched version from Linux vendors.

Ubuntu already provides patched Nginx in official apt repository, run "apt update && apt upgrade" to get it fixed.

- Ubuntu 22.04 (jammy): https://changelogs.ubuntu.com/changelog … /changelog
- Ubuntu 24.04 (noble): https://changelogs.ubuntu.com/changelog … /changelog
- Ubuntu 26.04 (resolute): https://changelogs.ubuntu.com/changelog … /changelog

Debian doesn't provide patched version yet: https://metadata.ftp-master.debian.org/ … _changelog

RedHat doesn't fix it yet: https://access.redhat.com/security/cve/cve-2026-42945