4 matches found
SUSE SLES16: dovecot24 / dovecot24-backend-mysql / dovecot24-backend-pgsql / etc (SUSE-SU-2026:22185-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22185-1 advisory. This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipeline...
OPENSUSE-SU-2026:21109-1 Security update for dovecot24
This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipelines bsc1265146. - CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection bsc1265147. - CVE-2026-40016: Sieve: contains/: matches ONxM substring...
[SECURITY] [DLA 4617-1] dovecot security update
Debian LTS Advisory DLA-4617-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin June 05, 2026 https://wiki.debian.org/LTS Package : dovecot Version : 1:2.3.13+dfsg1-2+deb11u4 CVE ID : CVE-2026-33603 CVE-2026-40020 CVE-2026-42006 Debian Bug : 1136444 Multiple...
CVE-2026-33603
Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...