Security update for dovecot22

This update for dovecot22 fixes the following issues: CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. CVE-2026-27855: OTP drive...

SUSE-SU-2026:1641-1 Security update for dovecot22

This update for dovecot22 fixes the following issues: - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. - CVE-2026-27855: OTP...

SUSE-SU-2026:21208-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

Towards Anonymous Neural Network Inference

We introduce funion, a system providing end-to-end sender-receiver unlinkability for neural network inference. By leveraging the Pigeonhole storage protocol and BACAP blinding-and-capability scheme from the Echomix anonymity system, funion inherits the provable security guarantees of modern...

SUSE CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 and Pigeonhole before 0.5.7.2, protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution...

FreeBSD : dovecot-pigeonhole -- Sieve excessive resource usage (f3fc2b50-d36a-11eb-a32c-00a0989e4ec1)

Dovecot team reports reports : Sieve interpreter is not protected against abusive scripts that claim excessive resource usage. Fixed by limiting the user CPU time per single script execution and cumulatively over several script runs within a configurable timeout period. Sufficiently large CPU tim...

[ASA-202106-57] pigeonhole: denial of service

Arch Linux Security Advisory ASA-202106-57 ========================================== Severity: Medium Date : 2021-06-22 CVE-ID : CVE-2020-28200 Package : pigeonhole Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2088 Summary ======= The package pigeonhole before...

SUSE: Security Advisory (SUSE-SU-2021:0027-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:0414-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0029-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:0026-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:0072-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : dovecot23 (openSUSE-2021-72)

This update for dovecot23 fixes the following issues : Security issues fixed : - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts bsc1174920. - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails bsc1180405. -...

openSUSE Security Update : dovecot23 (openSUSE-2021-26)

This update for dovecot23 fixes the following issues : Security issues fixed : - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts bsc1174920. - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails bsc1180405. -...

Security update for dovecot23 (important)

openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2021:0072-1 Rating: important References: 1174920 1180405 1180406 Cross-References: CVE-2020-12100 CVE-2020-24386 CVE-2020-25275 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is...

OPENSUSE-SU-2021:0026-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: Security issues fixed: - CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts bsc1174920. - CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails bsc1180405. -...

Security update for dovecot23 (important)

openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2021:0026-1 Rating: important References: 1174920 1180405 1180406 Cross-References: CVE-2020-12100 CVE-2020-24386 CVE-2020-25275 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities is...

SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2021:0029-1)

This update for dovecot23 fixes the following issues : Security issues fixed : CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts bsc1174920. CVE-2020-24386: Fixed an issue with IMAP hibernation that allowed users to access other users' emails bsc1180405. CVE-2020-2527...

SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2021:0028-1)

This update for dovecot23 fixes the following issues : Security issues fixed : CVE-2020-12100: Fixed a resource exhaustion caused by deeply nested MIME parts bsc1174920. CVE-2020-12673: Fixed an improper implementation of NTLM that did not check the message buffer size bsc1174922. CVE-2020-12674:...