Release date:
2026-07-09 10:12:14 UTC
Description:
* SECURITY UPDATE: improper neutralization of CRLF sequences via resolved
SMTP client host name used in auth_http and smtp proxy
- debian/patches/CVE-2026-28753.patch: validate that the host name
resolved from the client address contains only characters permitted
by RFC 1034 Section 3.5, rejecting it as [TEMPUNAVAIL] otherwise
- CVE-2026-28753
Updated packages:
-
nginx1.23_1.23.4-1~trixie+tuxcare.els12_amd64.deb
sha:8a454813e7a22418e9bf95969b394e5c6522689b
-
nginx1.23_1.23.4-1~trixie+tuxcare.els12_arm64.deb
sha:11d541de8dc22e30d1fa4131a49095521128bf9b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.