[CLSA-2026:1783592384] Fix CVE(s): CVE-2025-53859
Type:
security
Severity:
Moderate
Release date:
2026-07-09 10:19:59 UTC
Description:
* SECURITY UPDATE: Inconsistent login/password state after base64 decoding errors in mail proxy auth - debian/patches/CVE-2025-53859.patch: improve error handling in the plain, login and cram-md5 auth methods so login and password storage are not left in an inconsistent state in the session after a decoding error in ngx_mail_handler.c - CVE-2025-53859
CVEs fixed:
Updated packages:
  • nginx1.25_1.25.5-1~trixie+tuxcare.els9_amd64.deb
    sha:223a4505d59ad560d535cd5ecc53c572e18d1fb5
  • nginx1.25_1.25.5-1~trixie+tuxcare.els9_arm64.deb
    sha:0b77353c097367be770f993382d9b9c23f3dbd4d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.