|
|
Log in / Subscribe / Register

Debian alert DSA-6313-1 (dovecot)



From:
              Moritz Muehlenhoff <jmm@debian.org>


To:
              debian-security-announce@lists.debian.org


Subject:
              [SECURITY] [DSA 6313-1] dovecot security update


Date:
              Sun, 31 May 2026 18:25:27 +0000


Message-ID:
              <ahx9FyupjvUZzdpy@seger.debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6313-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 31, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : dovecot
CVE ID         : CVE-2026-33603 CVE-2026-40016 CVE-2026-40020
                 CVE-2026-42006 CVE-2026-27851

Multiple vulnerabilities have been discovered in the Dovecot IMAP server
which way result in denial of service, SQL injection or
man-in-the-midddle attacks

For the oldstable distribution (bookworm), these problems have been fixed
in version 1:2.3.19.1+dfsg1-2.1+deb12u6.

For the stable distribution (trixie), these problems have been fixed in
version 1:2.4.1+dfsg1-6+deb13u6.

We recommend that you upgrade your dovecot packages.

For the detailed security status of dovecot please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/dovecot

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmocfNMACgkQEMKTtsN8
Tjaa6g/9H7ZUQVZs6IjWyKWdKrY/o7N+zjA7DTNG8LXPKIX7nQRFoiCrYWUEyVox
tLhrcNYBIoCzg75OiIhI/RGCYf/RDKQWrELpJkJTjMgt/3pmVeuWir/KM1HhWpKt
zAO0XtvrGl2I8Aq1VNzsz5D2htBrGGQfljqal/Vc7EFkASjjsrktqVzMjFkcetlf
AULOrYKmDpYBeD8kcIWxr3JE2PBwsZ3J4Uu1/QMsXHH856+h76kA2TRUN3TzQx4c
VrFuRxPtjIv7OcVIhiyAInNBBG6CJTiz1QaDzFeXpPxTa7ZSIq5AuQdnkI6i9RPR
f1b6VE7uDyB7HBMAr0vmboDmV+d6UpW4DM+QUmDaunuA1leixKXIkGo/Vc1rRRk+
5YGA2Q+kJYiTqeTzzptLYUkswykpQ2ay+OPEobXVIEoSHP7JLT5XmjApW2n6y5Vo
4dVFqYeoECQ2PwxwvWF0T56GM4ghVy9VcEWWAHsb0gJut+7AKNT683syQ+gCYwbR
eS0dkTVnc7XdNS1KU/hkEDfZtP5muxXzYGKfoyTpNo+0ZEbpAeL26R2SIb6TCNMl
EQx16tfH1HF9pV7Y0CKQHnznKsclRbmq0rXUmGZv5rAzkxSrvjmk4YWOxBvbfHLB
CcrVodrkg8puxNcMUuhDho0iHZQgybmzRY1JcPkP2x6eBggLa9E=
=ecAa
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds