Release date:
2026-05-12 08:13:53 UTC
Description:
- CVE-2026-27855: use translated username in auth_cache_remove() to prevent OTP authentication replay attack
- CVE-2026-27856: use timing-safe credential comparison in doveadm HTTP and TCP authentication paths
Updated packages:
-
dovecot-2.3.16-8.el9.tuxcare.els5.i686.rpm
sha:61d86d1af5e07bd028316ce7743f9f9ec62467c74d7c07cc0cdb5e6e121551db
-
dovecot-2.3.16-8.el9.tuxcare.els5.x86_64.rpm
sha:a90ca46ef0b0a5a0fe4d06f8efea61a18a4ada3f252e3824c063e80f535db3b2
-
dovecot-devel-2.3.16-8.el9.tuxcare.els5.i686.rpm
sha:dcaf0ec40687873becc6b48e430ef6de15f8bc2c4bf1221cc34eb2b7fcd5b6fd
-
dovecot-devel-2.3.16-8.el9.tuxcare.els5.x86_64.rpm
sha:28d3b93d0c5cb4f9777eb9037a0a1c218b876b5c1a32e2ca4c9aac3ee1feb8bb
-
dovecot-mysql-2.3.16-8.el9.tuxcare.els5.x86_64.rpm
sha:fa5a01a9233ae1748d70285234e9603542f6321edce2e59094f9f4af4efcedcb
-
dovecot-pgsql-2.3.16-8.el9.tuxcare.els5.x86_64.rpm
sha:2829acad64f133f6cedaa7c05ae9909eab078f0ec046c3088f28c8c5d8f23f60
-
dovecot-pigeonhole-2.3.16-8.el9.tuxcare.els5.x86_64.rpm
sha:b8a04782a4a2e5d22a37ce5b6cff840cc41a0e13a31b9efd5131a7a1ac414cdd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
