Bug fixes in "dovecot"

| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2026-42006 | An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of | 2026-06-02 |
| CVE | CVE-2026-40020 | Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes fol | 2026-06-02 |
| CVE | CVE-2026-40016 | Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of | 2026-06-02 |
| CVE | CVE-2026-33603 | Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is | 2026-06-02 |