[CLSA-2026:1783529409] Fix CVE(s): CVE-2026-28753
Type:
security
Severity:
Moderate
Release date:
2026-07-08 16:50:26 UTC
Description:
* SECURITY UPDATE: CRLF injection via resolved SMTP client host name - debian/patches/CVE-2026-28753.patch: validate that the host name resolved from the client address contains only RFC 1034 Section 3.5 characters before using it in auth_http and smtp proxy - CVE-2026-28753
CVEs fixed:
Updated packages:
  • libnginx-mod-http-geoip-1.26_1.26.3-3~trixie+tuxcare.els9_amd64.deb
    sha:ed98b265de57efd196233700aa97062c2215f050
  • libnginx-mod-http-image-filter-1.26_1.26.3-3~trixie+tuxcare.els9_amd64.deb
    sha:dbc248587e4df5a7e9860a396e28f387c7ed5b9a
  • libnginx-mod-http-perl-1.26_1.26.3-3~trixie+tuxcare.els9_amd64.deb
    sha:54d2a8c9092313cdc3aaa39dbba74a11fa3ce422
  • libnginx-mod-http-xslt-filter-1.26_1.26.3-3~trixie+tuxcare.els9_amd64.deb
    sha:6a47bd0e50aef96283ae5bb3c413a6d829cbc671
  • libnginx-mod-mail-1.26_1.26.3-3~trixie+tuxcare.els9_amd64.deb
    sha:5f80a0ef2853b163f152602c2e8e685c20d94f3f
  • libnginx-mod-stream-1.26_1.26.3-3~trixie+tuxcare.els9_amd64.deb
    sha:a2a1c3967b453819383653a6d2e6bfbcb70b372b
  • libnginx-mod-stream-geoip-1.26_1.26.3-3~trixie+tuxcare.els9_amd64.deb
    sha:776658ecb950d18c9e9d963eaf060e2cfd2ae10c
  • nginx1.26_1.26.3-3~trixie+tuxcare.els9_amd64.deb
    sha:d0349102c29168ba4176a41371e1ab78fa2d8f2f
  • nginx1.26-common_1.26.3-3~trixie+tuxcare.els9_all.deb
    sha:2bdf0779843470ba94c8fa86204c0e923692e20b
  • nginx1.26-dev_1.26.3-3~trixie+tuxcare.els9_all.deb
    sha:c48d0c4129d0e155135250da4b416c7d4f035fa9
  • nginx1.26-doc_1.26.3-3~trixie+tuxcare.els9_all.deb
    sha:911795436c9166de0ba7a6b4bae6242b165e4840
  • libnginx-mod-http-geoip-1.26_1.26.3-3~trixie+tuxcare.els9_arm64.deb
    sha:28b36a0fb45b18bd5cdb4cd67f173138421c8ccc
  • libnginx-mod-http-image-filter-1.26_1.26.3-3~trixie+tuxcare.els9_arm64.deb
    sha:1d4dcb1982003157309db36057c97dc69ea6265b
  • libnginx-mod-http-perl-1.26_1.26.3-3~trixie+tuxcare.els9_arm64.deb
    sha:23de3a0f35b826849e6e968485bdf678c8007322
  • libnginx-mod-http-xslt-filter-1.26_1.26.3-3~trixie+tuxcare.els9_arm64.deb
    sha:b58890be421cc44693ccb9967a884117579c0736
  • libnginx-mod-mail-1.26_1.26.3-3~trixie+tuxcare.els9_arm64.deb
    sha:1f78159f9fd31d3a813d56c696cc753e1e23ae45
  • libnginx-mod-stream-1.26_1.26.3-3~trixie+tuxcare.els9_arm64.deb
    sha:c3e24fa96e497418c6f4ffe00ed3bce9b49686b7
  • libnginx-mod-stream-geoip-1.26_1.26.3-3~trixie+tuxcare.els9_arm64.deb
    sha:531b0d9adc545ddf83e8eea98f8db29dda566552
  • nginx1.26_1.26.3-3~trixie+tuxcare.els9_arm64.deb
    sha:33f4326d493066b0b78dafc1d623af10a6dccf2b
  • nginx1.26-common_1.26.3-3~trixie+tuxcare.els9_all.deb
    sha:2bdf0779843470ba94c8fa86204c0e923692e20b
  • nginx1.26-dev_1.26.3-3~trixie+tuxcare.els9_all.deb
    sha:c48d0c4129d0e155135250da4b416c7d4f035fa9
  • nginx1.26-doc_1.26.3-3~trixie+tuxcare.els9_all.deb
    sha:911795436c9166de0ba7a6b4bae6242b165e4840
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.