Release date:
2026-07-07 14:36:36 UTC
Description:
* SECURITY UPDATE: CRLF injection in ngx_mail_smtp_module via crafted DNS
responses, allowing header injection into auth_http and smtp proxy
upstream requests
- debian/patches/CVE-2026-28753.patch: add ngx_mail_smtp_validate_host to
validate the resolved client hostname against RFC 1034 Section 3.5 in
ngx_mail_smtp_resolve_addr_handler before it is used
- CVE-2026-28753
Updated packages:
-
nginx1.21_1.21.6-1~trixie+tuxcare.els10_amd64.deb
sha:9307f02691be861afebd4ae518b74660d8ef30ec
-
nginx1.21_1.21.6-1~trixie+tuxcare.els10_arm64.deb
sha:14db7279a26520716f5aee6b72371b66ac208c95
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.