Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 25.10 Dovecot Critical Vulnerabilities Denial of Service USN-8136-1

ubuntu
Calendar Grey March 31, 2026
Dist Ubuntu Esm H88
Dovecot security fixes address several vulnerabilities impacting Ubuntu 25.10 and other releases, affecting user security.
Several security issues were fixed in Dovecot.

Summary

Several security issues were fixed in Dovecot.

Software Description:

- dovecot: IMAP and POP3 email server

Details:

It was discovered that Dovecot incorrectly handled invalid base64 SASL data.

An attacker could possibly use this issue to cause a denial of service. This

issue only affected Ubuntu 25.10. (CVE-2025-59028)

It was discovered that Dovecot script decode2text.sh incorrectly handled zip

files. An attacker could possibly use this issue to obtain sensitive

information. (CVE-2025-59031)

It was discovered that Dovecot incorrectly handled certain AUTHENTICATE

requests. An attacker could possibly use this issue to cause a denial of

service. (CVE-2025-59032)

It was discovered that Dovecot incorrectly handled certain SQL based

authentication. An attacker could possibly use this issue to bypass

authentication. This issue only affected Ubuntu 25.10. (CVE-2026-24031)

It was discovered that Dovecot incorrectly handled certain LDAP based

authentication. An attacker could possibly...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  dovecot-core                    1:2.4.1+dfsg1-5ubuntu4.1

Ubuntu 24.04 LTS
  dovecot-core                    1:2.3.21+dfsg1-2ubuntu6.3

Ubuntu 22.04 LTS
  dovecot-core                    1:2.3.16+dfsg1-3ubuntu2.7

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8136-1

CVE-2025-59028, CVE-2025-59031, CVE-2025-59032, CVE-2026-0394,

CVE-2026-24031, CVE-2026-27855, CVE-2026-27856, CVE-2026-27857,

CVE-2026-27858, CVE-2026-27859, CVE-2026-27860

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8136-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here