Release date:
2026-07-07 14:22:35 UTC
Description:
* SECURITY UPDATE: inconsistent login/password storage in mail proxy
authentication after base64 decoding errors in the PLAIN, LOGIN and
CRAM-MD5 auth methods
- debian/patches/CVE-2025-53859.patch: decode into local buffers and
assign to the session login/passwd only on success in
src/mail/ngx_mail_handler.c
- CVE-2025-53859
Updated packages:
-
nginx1.27_1.27.5-1~trixie+tuxcare.els10_amd64.deb
sha:41d6a436c201031e15d129c0e6c05a870cdeab5a
-
nginx1.27_1.27.5-1~trixie+tuxcare.els10_arm64.deb
sha:7ef2c3f7a7c43fe47227bd662f2921275260fb91
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.