Release date:
2026-07-07 14:25:33 UTC
Description:
* SECURITY UPDATE: CRLF injection in ngx_mail_smtp_module via crafted DNS
responses, allowing header injection into auth_http and smtp proxy
upstream requests
- debian/patches/CVE-2026-28753.patch: add ngx_mail_smtp_validate_host to
validate the resolved client hostname against RFC 1034 Section 3.5 in
ngx_mail_smtp_resolve_addr_handler before it is used
- CVE-2026-28753
Updated packages:
-
nginx1.21_1.21.6-1~bookworm+tuxcare.els10_amd64.deb
sha:95b1b2c1b6719cb5be90b4c9fd63a4cb2f108c44
-
nginx1.21_1.21.6-1~bookworm+tuxcare.els10_arm64.deb
sha:edaf48f9a4983f901dc68ee2be5bb6eec12949fd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.