[CLSA-2026:1783431503] Fix CVE(s): CVE-2026-28753
Type:
security
Severity:
Moderate
Release date:
2026-07-07 13:38:39 UTC
Description:
* SECURITY UPDATE: CRLF injection via resolved SMTP client host name - debian/patches/CVE-2026-28753.patch: validate that the host name resolved from the client address contains only RFC 1034 Section 3.5 characters before using it in auth_http and smtp proxy - CVE-2026-28753
CVEs fixed:
Updated packages:
  • libnginx-mod-http-geoip-1.26_1.26.3-3~bookworm+tuxcare.els9_amd64.deb
    sha:1588756c1ad17b4ac730a273e03a5c86a3eb970d
  • libnginx-mod-http-image-filter-1.26_1.26.3-3~bookworm+tuxcare.els9_amd64.deb
    sha:2742faf963fda4ec285fc93aa8f5824b24ced0a7
  • libnginx-mod-http-perl-1.26_1.26.3-3~bookworm+tuxcare.els9_amd64.deb
    sha:76416f6bf53ec3aa02eb481ed62ef52c071025ce
  • libnginx-mod-http-xslt-filter-1.26_1.26.3-3~bookworm+tuxcare.els9_amd64.deb
    sha:0ff4cd559f7a543dc0be9e820c9fd7c90019be87
  • libnginx-mod-mail-1.26_1.26.3-3~bookworm+tuxcare.els9_amd64.deb
    sha:722d094d7f5c8263dcf83666afad735ad871e7fc
  • libnginx-mod-stream-1.26_1.26.3-3~bookworm+tuxcare.els9_amd64.deb
    sha:c1c1c929fcdb124aa34663bb38d476b63bae4df7
  • libnginx-mod-stream-geoip-1.26_1.26.3-3~bookworm+tuxcare.els9_amd64.deb
    sha:fd3043f9a62d232a89e38598f1c1bee50fe6a608
  • nginx1.26_1.26.3-3~bookworm+tuxcare.els9_amd64.deb
    sha:8d16fef5df41aceab0dc391ed50bc3e0a78fd8d7
  • nginx1.26-common_1.26.3-3~bookworm+tuxcare.els9_all.deb
    sha:bad755084df3680fb0a1c368efa6645fbc0ab0ad
  • nginx1.26-dev_1.26.3-3~bookworm+tuxcare.els9_all.deb
    sha:88b89f03d9e458bc2d4ca953fd8f39ef4acce8ab
  • nginx1.26-doc_1.26.3-3~bookworm+tuxcare.els9_all.deb
    sha:d8d6a8da0e96f2b74c07d44c0c4f65dcc3885d24
  • libnginx-mod-http-geoip-1.26_1.26.3-3~bookworm+tuxcare.els9_arm64.deb
    sha:f39a274794a664bfabc000bb732d07175b87a57d
  • libnginx-mod-http-image-filter-1.26_1.26.3-3~bookworm+tuxcare.els9_arm64.deb
    sha:028f1f2dd9a4b000098818aded40ab51fc010063
  • libnginx-mod-http-perl-1.26_1.26.3-3~bookworm+tuxcare.els9_arm64.deb
    sha:3d26fd812e3f1926dba67b422ee6e84cfab5764c
  • libnginx-mod-http-xslt-filter-1.26_1.26.3-3~bookworm+tuxcare.els9_arm64.deb
    sha:1def7ad63f571ce24c4b2a2b0209d9eb0efb5859
  • libnginx-mod-mail-1.26_1.26.3-3~bookworm+tuxcare.els9_arm64.deb
    sha:b40c39ce0024d11e56c25339d48880808342055d
  • libnginx-mod-stream-1.26_1.26.3-3~bookworm+tuxcare.els9_arm64.deb
    sha:d8be430bf7cc18935fe73d0f94ddd788c92b7c41
  • libnginx-mod-stream-geoip-1.26_1.26.3-3~bookworm+tuxcare.els9_arm64.deb
    sha:88643087926783ff8d075f2dbede33fe5d2241da
  • nginx1.26_1.26.3-3~bookworm+tuxcare.els9_arm64.deb
    sha:e3ed9507e8830b86069b14a002c7bfaf0a767e17
  • nginx1.26-common_1.26.3-3~bookworm+tuxcare.els9_all.deb
    sha:bad755084df3680fb0a1c368efa6645fbc0ab0ad
  • nginx1.26-dev_1.26.3-3~bookworm+tuxcare.els9_all.deb
    sha:88b89f03d9e458bc2d4ca953fd8f39ef4acce8ab
  • nginx1.26-doc_1.26.3-3~bookworm+tuxcare.els9_all.deb
    sha:d8d6a8da0e96f2b74c07d44c0c4f65dcc3885d24
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.