Debian alert DSA-6197-1 (dovecot)
| From: | Moritz Muehlenhoff <jmm@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6197-1] dovecot security update | |
| Date: | Sun, 05 Apr 2026 15:22:17 +0000 | |
| Message-ID: | <adJ-KRJilahdfzOC@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6197-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 05, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : dovecot CVE ID : CVE-2025-59031 CVE-2025-59032 CVE-2026-27855 CVE-2026-27856 CVE-2026-27857 CVE-2026-27858 CVE-2026-27859 CVE-2026-59028 CVE-2026-24031 CVE-2026-27860 CVE-2026-0394 Multiple vulnerabilities have been discovered in the Dovecot IMAP server which way result in denial of service, SQL injection, path traversal, replay attacks or timing side channel attacks. For the oldstable distribution (bookworm), these problems have been fixed in version 1:2.3.19.1+dfsg1-2.1+deb12u2. For the stable distribution (trixie), these problems have been fixed in version 1:2.4.1+dfsg1-6+deb13u4. We recommend that you upgrade your dovecot packages. For the detailed security status of dovecot please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dovecot Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnSfB4ACgkQEMKTtsN8 TjYuORAAmhLIvHsVAuAi6HvOL+pAhLWGI0BQZCgpz6zOSIMiyb16XWMHtB0lK86R Au1pyaIyfrrKIjD7nZ2ONMll38ckGaCn/35R10/zZL2H8OONo1RNkd7VPtupQBBE GesFxeE8kiMLBzw904O3WAjaxpwwR3g63lF0gEY9/nm34/5NgsmfjQTw0R0x4N1B Br4u7Mz6ZE0B1G/NmNdL6ESQ/qw0OYHikbaKvSVF4MXXAmvKeZT1sxQEgK9hPh0b JpbS/KrZP5N8XNV5jv/AC2z1Pi1d9T8VBkvym6CiRej4lmstR167zc+NZmHSV6v2 dKVKiuGlr4shX8E1FmmYpi5vHLEGSnbJRbwnj08P8MZOxxcg+g6Sy6EsVFNWqOzl 9/cdcck/kT7yD0EUtrRkAWufY47J7zq+yfkTKvClOoocVAzyayZPvSEqgGHp89qf /zWM4IOTiR0oPHEZEopHy10aRIc3nRZOxcBEgmOrW+ZuCFrLl1Pq1BcVyrMQojud /wX9TPQygDPUn+aAqsOUXCYH6/i9VI25xZHClwv+x6T1Il2SR8R1UQNfrIyIhpPs LLMc86SW2XlQ+DS+hEs2IT+gpXE1i03Qsz5ufocVg9ODLTWc9dFMwNMp0fKFwTUn ohZSJMNQ8DgRXAcFJQ1U0pH1JxrlPJ+vPPkPuLgN3yJmlOSdoHs= =h36n -----END PGP SIGNATURE-----