Release date: 2026-06-13 10:10:17 UTC
Description:
* SECURITY UPDATE: multiple CVE fixes
  - CVE-2026-1642: upstream module — detect a premature plain text response
    from an SSL backend and reinit the upstream after reading a bad response
  - CVE-2026-27651: mail auth_http — properly clear s->passwd; it was
    previously cleared while retaining its length for CRAM-MD5/APOP, causing
    a null pointer dereference
  - CVE-2026-27654: dav module — validate the destination length for
    COPY/MOVE to prevent an integer underflow in ngx_http_map_uri_to_path
  - CVE-2026-27784: mp4 module — fix a 32-bit integer overflow while
    validating the atom entries count
  - CVE-2026-32647: mp4 module — avoid zero-size buffers in output and
    validate sync sample values in the stss atom
  - CVE-2026-42946: scgi/uwsgi/proxy — reset the parsing state and rewind the
    buffer after an invalid upstream status line
Updated packages:
- libnginx-mod-http-geoip-1.26_1.26.3-3~bookworm+tuxcare.els6_amd64.deb
sha:83076d7fa03feabc7e0e2540e1aa0bd3f062b661
- libnginx-mod-http-image-filter-1.26_1.26.3-3~bookworm+tuxcare.els6_amd64.deb
sha:3100a39e140914bf6bb1f8fa602c5f0d929106c7
- libnginx-mod-http-perl-1.26_1.26.3-3~bookworm+tuxcare.els6_amd64.deb
sha:0b1d2a71626e3e94dba8f085e12ef338237b3dd0
- libnginx-mod-http-xslt-filter-1.26_1.26.3-3~bookworm+tuxcare.els6_amd64.deb
sha:bc7fd1d0b7d46dd9cf9569235838671f3544aa6e
- libnginx-mod-mail-1.26_1.26.3-3~bookworm+tuxcare.els6_amd64.deb
sha:68966eb387587385b73fed613dfccbfb22d8a90a
- libnginx-mod-stream-1.26_1.26.3-3~bookworm+tuxcare.els6_amd64.deb
sha:b96cf56fd5f5b86821b888e32d338d32333f3b04
- libnginx-mod-stream-geoip-1.26_1.26.3-3~bookworm+tuxcare.els6_amd64.deb
sha:004c7b6be0c0a1d95812208faca5356e9c6396d1
- nginx1.26_1.26.3-3~bookworm+tuxcare.els6_amd64.deb
sha:05be9cbf8241f3514f954d6d612c8a584096e2c1
- nginx1.26-common_1.26.3-3~bookworm+tuxcare.els6_all.deb
sha:52e891d3b0b250b874823bdf978b7ce3afe1aa13
- nginx1.26-dev_1.26.3-3~bookworm+tuxcare.els6_all.deb
sha:aa44a319e0eac293d6dbd89bfab72a8a6450ac27
- nginx1.26-doc_1.26.3-3~bookworm+tuxcare.els6_all.deb
sha:6501539fc286075ca7723251440237f0746e6d89
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections, please contact the CloudLinux Packaging Team.