Release date:
2026-07-09 10:15:13 UTC
Description:
* SECURITY UPDATE: Inconsistent login/password state after base64 decoding
errors in mail proxy auth
- debian/patches/CVE-2025-53859.patch: improve error handling in the
plain, login and cram-md5 auth methods so login and password storage
are not left in an inconsistent state in the session after a decoding
error in ngx_mail_handler.c
- CVE-2025-53859
Updated packages:
-
nginx1.25_1.25.5-1~bookworm+tuxcare.els9_amd64.deb
sha:fb14dc72a81d451bf5b2b29719f4d01fbb8e1116
-
nginx1.25_1.25.5-1~bookworm+tuxcare.els9_arm64.deb
sha:13be3b826115b0fabe76859f09b652164f9a84d6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.