
SUSE Dovecot24 Important DoS SQL Injection Fixes 2026-21208-1

suse
April 21, 2026
SUSE Dovecot24 security update addresses 10 issues, includes important fixes for authentication and SQL attacks.
An update that solves 10 vulnerabilities can now be installed.

Summary

This update for dovecot24 fixes the following issues:

* Update to v2.4.3

* CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins (bsc#1260894).

* CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895).

* CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client (bsc#1260902).

* CVE-2026-24031: SQL injection possible if auth_username_chars is configured empty. Fixed escaping to always happen. v2.4 regression (bsc#1260896).

* CVE-2026-27855: OTP driver vulnerable to replay attack (bsc#1260900).

* CVE-2026-27856: Doveadm credentials were not checked using timing-safe checking function (bsc#1260899).

* CVE-2026-27857: sending excessive parenthesis causes imap-login to use
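For triaging CVE-2026-24031 from the list above, the following shell functions flag a host that combines a 2.4 release older than 2.4.3 with an empty `auth_username_chars`. This is an added example, not code from the SUSE advisory or from Dovecot; the function names are hypothetical, the sample input is constructed, and the affected range 2.4.0 to 2.4.2 is an assumption inferred from the advisory's "v2.4 regression" and "Update to v2.4.3".

```shell
#!/bin/sh
# Added example: triage for CVE-2026-24031 (function names are hypothetical).
# Assumption: affected releases are 2.4.0-2.4.2, inferred from the advisory's
# "v2.4 regression" and "Update to v2.4.3".

# Succeeds when version string $1 is a 2.4.x release older than 2.4.3.
is_unpatched_24() {
    ver=${1%%[ -]*}    # drop a " (build id)" or "-release" suffix
    case $ver in
        2.4|2.4.[0-2]|2.4.[0-2].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads `doveconf -n` style text on stdin. Succeeds when the last
# auth_username_chars assignment is empty, the condition the advisory names.
has_empty_username_chars() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        /^[ \t]*auth_username_chars[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)        # keep the text after "="
            sub(/[ \t]+$/, "", val)              # trim trailing blanks
            empty = (val == "" || val == "\"\"")
            seen = 1
        }
        END { exit !(seen && empty) }
    '
}

# Prints a verdict; exit status 0 means the exposed combination was found.
check_cve_2026_24031() {
    version=$1
    if ! is_unpatched_24 "$version"; then
        echo "ok: $version is not a 2.4 release older than 2.4.3"
        return 1
    fi
    if has_empty_username_chars; then
        echo "EXPOSED: $version with empty auth_username_chars, update to 2.4.3"
        return 0
    fi
    echo "update pending: $version predates 2.4.3, auth_username_chars not empty"
    return 1
}

# Constructed sample input, not taken from a real host.
printf 'protocols = imap lmtp\nauth_username_chars =\n' |
    check_cve_2026_24031 "2.4.1 (constructed)" || true
```

On a real host the equivalent call is `doveconf -n | check_cve_2026_24031 "$(dovecot --version)"`.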

References

* bsc#1260893

* bsc#1260894

* bsc#1260895

* bsc#1260896

* bsc#1260897

* bsc#1260898

* bsc#1260899

* bsc#1260900

* bsc#1260901

* bsc#1260902

Cross-References

* CVE-2025-59028

* CVE-2025-59031

* CVE-2025-59032

* CVE-2026-24031

* CVE-2026-27855

* CVE-2026-27856

* CVE-2026-27857

* CVE-2026-27858

* CVE-2026-27859

* CVE-2026-27860

CVSS scores:

* CVE-2025-59028 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-59028 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-59031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-59031 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-59031 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-59032 ( SUSE ): 8.7

Severity: important

Announcement ID: SUSE-SU-2026:21208-1
Release Date: 2026-04-16T13:10:27Z
Rating: important
