Several security issues were fixed in Dovecot.
Software Description:
- dovecot: IMAP and POP3 email server
Details:
It was discovered that Dovecot incorrectly handled invalid base64 SASL data.
An attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 25.10. (CVE-2025-59028)
It was discovered that Dovecot script decode2text.sh incorrectly handled zip
files. An attacker could possibly use this issue to obtain sensitive
information. (CVE-2025-59031)
It was discovered that Dovecot incorrectly handled certain AUTHENTICATE
requests. An attacker could possibly use this issue to cause a denial of
service. (CVE-2025-59032)
It was discovered that Dovecot incorrectly handled certain SQL based
authentication. An attacker could possibly use this issue to bypass
authentication. This issue only affected Ubuntu 25.10. (CVE-2026-24031)
It was discovered that Dovecot incorrectly handled certain LDAP based
authentication. An attacker could possibly...
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 dovecot-core 1:2.4.1+dfsg1-5ubuntu4.1 Ubuntu 24.04 LTS dovecot-core 1:2.3.21+dfsg1-2ubuntu6.3 Ubuntu 22.04 LTS dovecot-core 1:2.3.16+dfsg1-3ubuntu2.7 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8136-1
CVE-2025-59028, CVE-2025-59031, CVE-2025-59032, CVE-2026-0394,
CVE-2026-24031, CVE-2026-27855, CVE-2026-27856, CVE-2026-27857,
CVE-2026-27858, CVE-2026-27859, CVE-2026-27860
Get the latest Linux and open source security news straight to your inbox.