Bug fixes in "dovecot"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2026-27859 | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail | 2026-03-31 |
| CVE | CVE-2026-27858 | Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can for | 2026-03-31 |
| CVE | CVE-2026-27857 | Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnec | 2026-03-31 |
| CVE | CVE-2026-27856 | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the conf | 2026-03-31 |
| CVE | CVE-2026-27855 | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, the | 2026-03-31 |
| CVE | CVE-2026-0394 | When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowe | 2026-03-31 |
| CVE | CVE-2025-59032 | ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, makin | 2026-03-31 |
| CVE | CVE-2025-59031 | Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use speciall | 2026-03-31 |