
openSUSE Leap 16.0 Dovecot24 Important Security Update 20554-1

April 21, 2026
This article highlights the important security updates for Dovecot 24 on openSUSE addressing major vulnerabilities.
An update that solves 10 vulnerabilities and has 10 bug fixes can now be installed.

Description

This update for dovecot24 fixes the following issues:

- Update to v2.4.3

- CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins (bsc#1260894).

- CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895).

- CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client (bsc#1260902).

- CVE-2026-24031: SQL injection possible if auth_username_chars is configured empty. Fixed escaping to always happen. v2.4 regression (bsc#1260896).

- CVE-2026-27855: OTP driver vulnerable to replay attack (bsc#1260900).

- CVE-2026-27856: Doveadm credentials were not checked using timing-safe checking function (bsc#1260899).

- CVE-2026-27857: Sending excessive parentheses causes imap-login to use excessive memory (bsc#1260898).

- CVE-2026-27858: pigeonhole: managesieve-login can allocate a large amount of memory during authentication (bsc#1260901).

- CVE-2026-27859: excessive RFC 2231 MIME...

Patch

Package List

- openSUSE Leap 16.0:
  - dovecot24-2.4.3-160000.1.1
  - dovecot24-backend-mysql-2.4.3-160000.1.1
  - dovecot24-backend-pgsql-2.4.3-160000.1.1
  - dovecot24-backend-sqlite-2.4.3-160000.1.1
  - dovecot24-devel-2.4.3-160000.1.1
  - dovecot24-fts-2.4.3-160000.1.1
  - dovecot24-fts-flatcurve-2.4.3-160000.1.1
  - dovecot24-fts-solr-2.4.3-160000.1.1

References

* bsc#1260893

* bsc#1260894

* bsc#1260895

* bsc#1260896

* bsc#1260897

* bsc#1260898

* bsc#1260899

* bsc#1260900

* bsc#1260901

* bsc#1260902

* https://www.suse.com/security/cve/CVE-2025-59028.html

* https://www.suse.com/security/cve/CVE-2025-59031.html

* https://www.suse.com/security/cve/CVE-2025-59032.html

* https://www.suse.com/security/cve/CVE-2026-24031.html

* https://www.suse.com/security/cve/CVE-2026-27855.html

* https://www.suse.com/security/cve/CVE-2026-27856.html

* https://www.suse.com/security/cve/CVE-2026-27857.html

* https://www.suse.com/security/cve/CVE-2026-27858.html

* https://www.suse.com/security/cve/CVE-2026-27859.html

* https://www.suse.com/security/cve/CVE-2026-27860.html


Announcement ID: openSUSE-SU-2026:20554-1
Rating: important
Affected Products: openSUSE Leap 16.0
