[SECURITY] [DSA 6197-1] dovecot security update

Sun, 05 Apr 2026 08:26:23 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6197-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
April 05, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot
CVE ID         : CVE-2025-59031 CVE-2025-59032 CVE-2026-27855
                 CVE-2026-27856 CVE-2026-27857 CVE-2026-27858
                 CVE-2026-27859 CVE-2026-59028 CVE-2026-24031
                 CVE-2026-27860 CVE-2026-0394
 
Multiple vulnerabilities have been discovered in the Dovecot IMAP server
which way result in denial of service, SQL injection, path traversal,
replay attacks or timing side channel attacks.

For the oldstable distribution (bookworm), these problems have been fixed
in version 1:2.3.19.1+dfsg1-2.1+deb12u2.

For the stable distribution (trixie), these problems have been fixed in
version 1:2.4.1+dfsg1-6+deb13u4.

We recommend that you upgrade your dovecot packages.

For the detailed security status of dovecot please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dovecot

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnSfB4ACgkQEMKTtsN8
TjYuORAAmhLIvHsVAuAi6HvOL+pAhLWGI0BQZCgpz6zOSIMiyb16XWMHtB0lK86R
Au1pyaIyfrrKIjD7nZ2ONMll38ckGaCn/35R10/zZL2H8OONo1RNkd7VPtupQBBE
GesFxeE8kiMLBzw904O3WAjaxpwwR3g63lF0gEY9/nm34/5NgsmfjQTw0R0x4N1B
Br4u7Mz6ZE0B1G/NmNdL6ESQ/qw0OYHikbaKvSVF4MXXAmvKeZT1sxQEgK9hPh0b
JpbS/KrZP5N8XNV5jv/AC2z1Pi1d9T8VBkvym6CiRej4lmstR167zc+NZmHSV6v2
dKVKiuGlr4shX8E1FmmYpi5vHLEGSnbJRbwnj08P8MZOxxcg+g6Sy6EsVFNWqOzl
9/cdcck/kT7yD0EUtrRkAWufY47J7zq+yfkTKvClOoocVAzyayZPvSEqgGHp89qf
/zWM4IOTiR0oPHEZEopHy10aRIc3nRZOxcBEgmOrW+ZuCFrLl1Pq1BcVyrMQojud
/wX9TPQygDPUn+aAqsOUXCYH6/i9VI25xZHClwv+x6T1Il2SR8R1UQNfrIyIhpPs
LLMc86SW2XlQ+DS+hEs2IT+gpXE1i03Qsz5ufocVg9ODLTWc9dFMwNMp0fKFwTUn
ohZSJMNQ8DgRXAcFJQ1U0pH1JxrlPJ+vPPkPuLgN3yJmlOSdoHs=
=h36n
-----END PGP SIGNATURE-----

Reply via email to