[CLSA-2026:1783592098] Fix CVE(s): CVE-2025-53859
Type:
security
Severity:
Moderate
Release date:
2026-07-09 10:15:13 UTC
Description:
* SECURITY UPDATE: Inconsistent login/password state after base64 decoding errors in mail proxy auth - debian/patches/CVE-2025-53859.patch: improve error handling in the plain, login and cram-md5 auth methods so login and password storage are not left in an inconsistent state in the session after a decoding error in ngx_mail_handler.c - CVE-2025-53859
CVEs fixed:
Updated packages:
  • nginx1.25_1.25.5-1~bookworm+tuxcare.els9_amd64.deb
    sha:fb14dc72a81d451bf5b2b29719f4d01fbb8e1116
  • nginx1.25_1.25.5-1~bookworm+tuxcare.els9_arm64.deb
    sha:13be3b826115b0fabe76859f09b652164f9a84d6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.