Release date:
2026-06-10 13:13:50 UTC
Description:
- CVE-2026-40020: imap-acl: reject CR/LF injection in SETACL identifier
- CVE-2026-42006: lib-imap: fix list_count_limit to actually limit '(' (incomplete fix for CVE-2026-27857)
- CVE-2026-33603: login-common: reject non-base64 SASL responses to prevent SCRAM channel binding bypass
- CVE-2026-40016: lib-sieve: enforce sieve_max_cpu_time inside :contains/:matches matcher loops
Updated packages:
-
dovecot-2.3.16-15.el9.tuxcare.els3.i686.rpm
sha:70077c2ba67aa93c31bc21fe137472a977acd25f17765ba17735e394b0c4c9ff
-
dovecot-2.3.16-15.el9.tuxcare.els3.x86_64.rpm
sha:5168975da1da03abe84d29392566eb51582c00fcf9cb3b9b02ee4476ab30f483
-
dovecot-devel-2.3.16-15.el9.tuxcare.els3.i686.rpm
sha:47837890e8b4dd108212b17ab26c913fecc816a0a8f151d9769b26c52cf3fa22
-
dovecot-devel-2.3.16-15.el9.tuxcare.els3.x86_64.rpm
sha:44775d8bf3503eb666181b273ee511a40067055634f9c119f93b844d6e553aaa
-
dovecot-mysql-2.3.16-15.el9.tuxcare.els3.x86_64.rpm
sha:dc5443572f2744cee46651639b3b5383d142de4c60700fcbde12a76029cc491b
-
dovecot-pgsql-2.3.16-15.el9.tuxcare.els3.x86_64.rpm
sha:aa04e0e1c6a807e8f5fcb7b124d60cffaa71d54bc582dc3b5cbcf836104c9de3
-
dovecot-pigeonhole-2.3.16-15.el9.tuxcare.els3.x86_64.rpm
sha:a8d314a5e27ce2b98f5fbd34761ed5334c8815821512981842af1360e778841b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
