Release date:
2026-07-07 13:35:26 UTC
Description:
* SECURITY UPDATE: inconsistent login/password storage in mail proxy
authentication after base64 decoding errors in the PLAIN, LOGIN and
CRAM-MD5 auth methods
- debian/patches/CVE-2025-53859.patch: decode into local buffers and
assign to the session login/passwd only on success in
src/mail/ngx_mail_handler.c
- CVE-2025-53859
Updated packages:
-
nginx1.27_1.27.5-1~bookworm+tuxcare.els10_amd64.deb
sha:42b6ac80a2d5cb73aac7fec253d428ab68851371
-
nginx1.27_1.27.5-1~bookworm+tuxcare.els10_arm64.deb
sha:e8fbbd063097c18b76984cfbd17b4b1a25734fb2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.