Release date:
2026-07-09 10:19:59 UTC
Description:
* SECURITY UPDATE: Inconsistent login/password state after base64 decoding
errors in mail proxy auth
- debian/patches/CVE-2025-53859.patch: improve error handling in the
plain, login and cram-md5 auth methods so login and password storage
are not left in an inconsistent state in the session after a decoding
error in ngx_mail_handler.c
- CVE-2025-53859
Updated packages:
-
nginx1.25_1.25.5-1~trixie+tuxcare.els9_amd64.deb
sha:223a4505d59ad560d535cd5ecc53c572e18d1fb5
-
nginx1.25_1.25.5-1~trixie+tuxcare.els9_arm64.deb
sha:0b77353c097367be770f993382d9b9c23f3dbd4d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.