Alerts This Week
Warning Icon 1 1,111
Alerts This Week
Warning Icon 1 1,111

openSUSE Dovecot24 Important Security Fixes 2026-21109-1

opensuse
Calendar Grey June 30, 2026
Dist Opensuse Esm H88
This update for dovecot24 addresses 5 important issues, ensuring system integrity and security for openSUSE users.
An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.

Description

This update for dovecot24 fixes the following issues

- CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipelines (bsc#1265146).

- CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection (bsc#1265147).

- CVE-2026-40016: Sieve: contains/: matches O(NxM) substring match bypasses sieve_max_cpu_time limit (bsc#1265148).

- CVE-2026-40020: IMAP folders can be shared-spammed to everyone (bsc#1265149).

- CVE-2026-42006: imap-login: uncontrolled memory usage with excessive bracing over IMAP (bsc#1265150).

Changes for dovecot24:

- Update to 2.4.4

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-974=1

Patch

Package List

- openSUSE Leap 16.0:

dovecot24-2.4.4-160000.1.1

dovecot24-backend-mysql-2.4.4-160000.1.1

dovecot24-backend-pgsql-2.4.4-160000.1.1

dovecot24-backend-sqlite-2.4.4-160000.1.1

dovecot24-devel-2.4.4-160000.1.1

dovecot24-fts-2.4.4-160000.1.1

dovecot24-fts-flatcurve-2.4.4-160000.1.1

dovecot24-fts-solr-2.4.4-160000.1.1

References

* bsc#1265146

* bsc#1265147

* bsc#1265148

* bsc#1265149

* bsc#1265150

References:

* https://www.suse.com/security/cve/CVE-2026-27851.html

* https://www.suse.com/security/cve/CVE-2026-33603.html

* https://www.suse.com/security/cve/CVE-2026-40016.html

* https://www.suse.com/security/cve/CVE-2026-40020.html

* https://www.suse.com/security/cve/CVE-2026-42006.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21109-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here