[CLSA-2026:1783431309] Fix CVE(s): CVE-2025-53859, CVE-2026-28755
Type:
security
Severity:
Moderate
Release date:
2026-07-07 13:35:26 UTC
Description:
* SECURITY UPDATE: inconsistent login/password storage in mail proxy authentication after base64 decoding errors in the PLAIN, LOGIN and CRAM-MD5 auth methods - debian/patches/CVE-2025-53859.patch: decode into local buffers and assign to the session login/passwd only on success in src/mail/ngx_mail_handler.c - CVE-2025-53859
Updated packages:
  • nginx1.27_1.27.5-1~bookworm+tuxcare.els10_amd64.deb
    sha:42b6ac80a2d5cb73aac7fec253d428ab68851371
  • nginx1.27_1.27.5-1~bookworm+tuxcare.els10_arm64.deb
    sha:e8fbbd063097c18b76984cfbd17b4b1a25734fb2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.