[CLSA-2026:1781280223] Fix of 6 CVEs

Type:

security

Severity:

Important

Release date:

2026-06-12 16:06:00 UTC

Description:

   * SECURITY UPDATE: multiple CVE fixes
     - CVE-2026-1642: upstream module — detect premature plain text response from
       SSL backend and reinit upstream after reading bad response
     - CVE-2026-27651: mail auth_http — properly clear s->passwd retaining length
       for CRAM-MD5/APOP causing null pointer dereference
     - CVE-2026-27654: dav module — destination length validation for COPY/MOVE
       to prevent integer underflow in ngx_http_map_uri_to_path
     - CVE-2026-27784: mp4 module — fix 32-bit integer overflow while validating
       atom entries count
     - CVE-2026-32647: mp4 module — avoid zero size buffers in output and
       validate sync sample values in stss atom
     - CVE-2026-42946: scgi/uwsgi/proxy — reset parsing state and rewind buffer
       after invalid upstream status line

CVEs fixed:

Updated packages:

libnginx-mod-http-geoip-1.26_1.26.3-3~trixie+tuxcare.els6_amd64.deb
sha:ad3e9112168def1fba0d08c35e6110732dbc4730
libnginx-mod-http-image-filter-1.26_1.26.3-3~trixie+tuxcare.els6_amd64.deb
sha:d6961611e5d8a30c7d14ee8d567ad09ed39f5469
libnginx-mod-http-perl-1.26_1.26.3-3~trixie+tuxcare.els6_amd64.deb
sha:64ab280393ab3035a57172e5a894be152358259a
libnginx-mod-http-xslt-filter-1.26_1.26.3-3~trixie+tuxcare.els6_amd64.deb
sha:6667e6f4e523e6956077097a204ba0e4996d8304
libnginx-mod-mail-1.26_1.26.3-3~trixie+tuxcare.els6_amd64.deb
sha:975284e95618bca82beab830a2d6752d6249adab
libnginx-mod-stream-1.26_1.26.3-3~trixie+tuxcare.els6_amd64.deb
sha:2e4fc8b2254956d8a7ecb48e137dc9296bc64769
libnginx-mod-stream-geoip-1.26_1.26.3-3~trixie+tuxcare.els6_amd64.deb
sha:b229321a168dc9f1a6e4b1969d8fc6a5c847bc38
nginx1.26_1.26.3-3~trixie+tuxcare.els6_amd64.deb
sha:8df5e9d2a315a111527d9d2776fa21fc9134e381
nginx1.26-common_1.26.3-3~trixie+tuxcare.els6_all.deb
sha:ceb683107b90240ea61a5c9f7403c74502619cc3
nginx1.26-dev_1.26.3-3~trixie+tuxcare.els6_all.deb
sha:7a7a4687aee4b2fecb1660e5ffa50492c56c34d1
nginx1.26-doc_1.26.3-3~trixie+tuxcare.els6_all.deb
sha:f48cdf1b47074ef6e4aa5034666cd527b835d255

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.