[CLSA-2026:1783591916] Fix CVE(s): CVE-2025-53859, CVE-2026-28753, CVE-2026-42934
Type:
security
Severity:
Moderate
Release date:
2026-07-09 10:12:14 UTC
Description:
* SECURITY UPDATE: improper neutralization of CRLF sequences via resolved SMTP client host name used in auth_http and smtp proxy - debian/patches/CVE-2026-28753.patch: validate that the host name resolved from the client address contains only characters permitted by RFC 1034 Section 3.5, rejecting it as [TEMPUNAVAIL] otherwise - CVE-2026-28753
Updated packages:
  • nginx1.23_1.23.4-1~trixie+tuxcare.els12_amd64.deb
    sha:8a454813e7a22418e9bf95969b394e5c6522689b
  • nginx1.23_1.23.4-1~trixie+tuxcare.els12_arm64.deb
    sha:11d541de8dc22e30d1fa4131a49095521128bf9b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.