[CLSA-2026:1783434137] Fix CVE(s): CVE-2025-53859, CVE-2026-28755
Type:
security
Severity:
Moderate
Release date:
2026-07-07 14:22:35 UTC
Description:
* SECURITY UPDATE: inconsistent login/password storage in mail proxy authentication after base64 decoding errors in the PLAIN, LOGIN and CRAM-MD5 auth methods - debian/patches/CVE-2025-53859.patch: decode into local buffers and assign to the session login/passwd only on success in src/mail/ngx_mail_handler.c - CVE-2025-53859
Updated packages:
  • nginx1.27_1.27.5-1~trixie+tuxcare.els10_amd64.deb
    sha:41d6a436c201031e15d129c0e6c05a870cdeab5a
  • nginx1.27_1.27.5-1~trixie+tuxcare.els10_arm64.deb
    sha:7ef2c3f7a7c43fe47227bd662f2921275260fb91
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.